Date: Fri, 1 Feb 2013 18:17:06 +0400
From: Solar Designer <>
Cc: Corey Bryant <>,
	Kees Cook <>,
	Anthony Liguori <>,
	Frank Novak <>,
	George Wilson <>,
	Joel Schopp <>,
	Kevin Wolf <>,
	Warren Grunbok II <>
Subject: Re: Secure Open Source Project Guide

Corey, Kees, all -

Why don't we bring this to the oss-security mailing list?  I think this
topic is not in any way specific nor limited to the Linux kernel.  There
are ~10x more people on oss-security than on kernel-hardening, and this
topic is a better fit for oss-security than for kernel-hardening.  There
is a wiki for the oss-security group, where such content is welcome.
Anyone can register for an account and edit.

Info on the oss-security mailing list:

Subscribe here:

(Of course, Kees and many others in here are already on oss-security as
well.  Not all, though.)

On Thu, Jan 31, 2013 at 04:10:03PM -0500, Corey Bryant wrote:
> We should probably start by gathering a list of ideas to include in the 
> guide.  Some initial ideas that come to mind are:
> * Secure programming practices (Secure "Programming for Linux
>   and Unix HOWTO" is a good reference for Linux though probably
>   out of date)

CERT's Secure Coding resources are more current, but they're focused on
programming languages and I think they don't cover operating system
specific pitfalls (e.g., Linux netlink).

> * Performing secure code reviews and detecting common
>   vulnerabilities
> * Ensuring code is reviewed by trusted parties and proper patch
>   tagging is used
> * Signing of releases, pull requests, patches, commits, etc by
>   trusted parties
> * Removing vulnerabilities with automated tooling (Static/Dynamic
>   analysis, Fuzzing)

We have some relevant links here:

and more specifically:

More content (and better organization of content) on the oss-security
wiki is welcome - including on all topics you listed above.


