Worked on the zephyrproject-rtos/poky repository to improve security bug triage and release engineering processes. Focused on clarifying the status of CVE-2023-1386, determining it as disputed and not a bug, which helped prevent misclassification in bug tracking systems. Applied targeted patches to the QEMU integration using C, aligning the CVE status with established security policies and ensuring consistent labeling across the codebase. Leveraged build system expertise to reduce false positives and noise in triage workflows. Established a foundation for future automation of CVE-status propagation, contributing to more efficient and accurate security management within the project’s infrastructure.