Date: Fri, 24 Mar 2017 13:32:01 +0100 From: Solar Designer <solar@...nwall.com> To: James Morris <jmorris@...ei.org> Cc: oss-security@...ts.openwall.com Subject: Re: [ANNOUNCE] Linux Security Summit 2017 - CFP Hi James, With all due respect to you and recognition of the importance of this event, as I had pointed out last year, I wish you either informed oss-security of the outcomes of each year's LSS or didn't post the CFPs in here. Posting only a CFP and then nothing until next year's CFP sort of works on other lists, but not on oss-security. Please re-read: http://www.openwall.com/lists/oss-security/2016/03/25/7 Unless there's anything from LSS besides this CFP posted to here until next year's, I am going to reject next year's LSS CFP, as we should have been doing per the published oss-security guidelines in the first place. The same applies to other events focused on open source security, including non-Linux ones: CFPs only "no", generally useful material from such events "probably yes", CFPs from events for which there were other accepted postings "possibly yes". Currently I don't recall any events with relevant focus that bothered communicating their materials to here, but they should have (if any of the substance could be provided in text/plain; for videos only, no). For events not focused on open source security, I intend to make no exceptions regarding CFPs, not even if some materials were relevant and discussed in here. So overall our "no CFPs" policy is still in place. This applies to oss-security only. Having this same CFP on the kernel-hardening list is OK and desirable. (And it's already there.) On Fri, Mar 24, 2017 at 12:26:43PM +1100, James Morris wrote: > Topic areas include, but are not limited to: > > * Kernel self-protection > * Access control > * Cryptography and key management > * Integrity control > * Hardware Security > * Iot and embedded security > * Virtualization and containers > * System-specific system hardening > * Case studies > * Security tools > * Security UX > * Emerging technologies, threats & techniques diff from last year's: - * Trust systems - * Storage and file systems - * Identity management - * Code analysis - * Security analytics - * Secure development and operational practices + * Iot and embedded security + * System-specific system hardening + * Security tools + * Security UX To make my posting useful, let me inform those not on kernel-hardening, but interested in how the project is doing, that it's been doing OK at least(*) in terms of activity lately, with last month being the busiest month so far by number of messages posted: http://www.openwall.com/lists/kernel-hardening/ http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project (*) I say "at least" because I know that opinions vary as to the utility of such activity. Another good resource are Kees Cook's blog posts on "security things" in each new Linux kernel release: https://outflux.net/blog/archives/2017/02/27/security-things-in-linux-v4-10/ https://outflux.net/blog/archives/2016/12/12/security-things-in-linux-v4-9/ https://outflux.net/blog/archives/2016/10/04/security-things-in-linux-v4-8/ https://outflux.net/blog/archives/2016/10/03/security-things-in-linux-v4-7/ https://outflux.net/blog/archives/2016/09/30/security-things-in-linux-v4-6/ https://outflux.net/blog/archives/2016/09/28/security-things-in-linux-v4-5/ https://outflux.net/blog/archives/2016/09/27/security-things-in-linux-v4-4/ https://outflux.net/blog/archives/2016/09/26/security-things-in-linux-v4-3/ and his other blog posts as well, such as on security bugs' lifetime. These are so much more useful (or rather, to more people) than a CFP with no follow-ups. I wish Kees, James, and others posted this kind of material in here in text/plain, in addition to blogging. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ