Date: Fri, 1 Feb 2013 18:17:06 +0400
From: Solar Designer <solar@...nwall.com>
To: kernel-hardening@...ts.openwall.com
Cc: Corey Bryant <coreyb@...ux.vnet.ibm.com>, Kees Cook <keescook@...omium.org>, Anthony Liguori <aliguori@...ibm.com>, Frank Novak <fnovak@...ibm.com>, George Wilson <gcwilson@...ibm.com>, Joel Schopp <jschopp@...ux.vnet.ibm.com>, Kevin Wolf <kwolf@...hat.com>, Warren Grunbok II <wgrunbok@...t.ibm.com>
Subject: Re: Secure Open Source Project Guide

Corey, Kees, all -

Why don't we bring this to the oss-security mailing list? I think this topic is not in any way specific nor limited to the Linux kernel. There are ~10x more people on oss-security than on kernel-hardening, and this topic is a better fit for oss-security than for kernel-hardening. There is a wiki for the oss-security group, where such content is welcome. Anyone can register for an account and edit.

Info on the oss-security mailing list:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Subscribe here:
http://oss-security.openwall.org/subscribe

(Of course, Kees and many others in here are already on oss-security as well. Not all, though.)

On Thu, Jan 31, 2013 at 04:10:03PM -0500, Corey Bryant wrote:
> We should probably start by gathering a list of ideas to include in the
> guide. Some initial ideas that come to mind are:
>
> * Secure programming practices ("Secure Programming for Linux
> and Unix HOWTO" is a good reference for Linux though probably
> out of date)

CERT's Secure Coding resources are more current, but they're focused on programming languages and I think they don't cover operating system specific pitfalls (e.g., Linux netlink).

> * Performing secure code reviews and detecting common
> vulnerabilities
> * Ensuring code is reviewed by trusted parties and proper patch
> tagging is used
> * Signing of releases, pull requests, patches, commits, etc. by
> trusted parties
> * Removing vulnerabilities with automated tooling (Static/Dynamic
> analysis, Fuzzing)

We have some relevant links here:
http://oss-security.openwall.org/wiki/

and more specifically:
http://oss-security.openwall.org/wiki/tools
http://oss-security.openwall.org/wiki/links
http://oss-security.openwall.org/wiki/code-reviews

More content (and better organization of content) on the oss-security wiki is welcome - including on all topics you listed above.

Thanks,

Alexander