Gmane
From: Eric H. Christensen
Subject: Fedora Security SIG Update
Newsgroups: gmane.linux.redhat.fedora.security
Date: Tuesday 9th July 2013 13:33:29 UTC (over 3 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The Fedora Security SIG is coming back with a new mission and new momentum.
Previously the Security SIG concentrated on security responses to
vulnerabilities and answered questions from the Fedora community. While
this service isn't going away we will be adding two new functions: secure
coding education and code audit services.

Our secure coding mission is primarily educational. Writing software is
really hard, writing secure software is even harder. There's no way any
software will ever be written without bugs, but we can try to avoid some of
the most common mistakes. Our first steps are to document the common causes
for security vulnerabilities in software and provide information on
preventing these vulnerabilities from happening. Red Hat has started to
track a subset of security flaws using Common Weakness Enumeration (CWE)
IDs, this needs to be expanded to cover Fedora security bugs. We also have
a secure coding guide, the Defensive Coding Guide[0], that is in the works,
along with additional documentation.

For code audits, we're really not sure where to start. We want to involve
the community in this project, but honestly, we're not totally sure what
that means. In the short term we expect to just be more transparent about
what sort of work Red Hat is doing in this area and try to make public
whatever information we can about code audits; this can be sensitive
obviously. If contributors have ideas, or want to help, please join the
discussion. This project is expected to evolve substantially over the next
few months.

As everyone knows, security is a big deal and keeps getting more important
every day. Historically Fedora has done a fantastic job with security, one
of the reasons the previous SIG never really took off is because there was
no need, Fedora was mostly secure and didn't need fixing. While Fedora is
still secure, there is a lot of opportunity to help. The nature of security
is changing very rapidly, technologies like mobile and cloud are changing
everything. Rather than sit by and let this happen, we believe Fedora
should be out in front, working with the community to ensure open source
remains the most secure solutions available.

But don't let what has been said so far become a limit on what can be done.
I'd love to start working on providing OVAL data, security bulletins, consult
when questions arise and more. If you have ideas please join up and let's
start working!

You can find us on Freenode IRC in #fedora-security, on our mailing
list[1], and in our GIT repository[2].

We look forward to your help.

[0] https://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/index.html
[1] https://lists.fedoraproject.org/mailman/listinfo/security
[2] https://fedorahosted.org/secure-coding/

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Fedora Project - Red Hat

097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----