* [kernel-hardening] Secure Open Source Project Guide
@ 2013-01-31 15:34 Corey Bryant
2013-01-31 18:37 ` Kees Cook
0 siblings, 1 reply; 14+ messages in thread
From: Corey Bryant @ 2013-01-31 15:34 UTC (permalink / raw)
To: kernel-hardening
Cc: Anthony Liguori, Frank Novak, George Wilson, Joel Schopp,
Kevin Wolf, Warren Grunbok II
In light of events like this http://lwn.net/Articles/535149/ "China,
GitHub and the man-in-the-middle (Greatfire)", we are thinking that a
guide for securing open source projects is needed. For example,
recommending pull requests or commits be PGP signed are a few things
we've discussed that could defend against a MITM attack inserting
malicious code.
Does anyone have any thoughts as to where we could publish such a guide?
Perhaps the Linux Foundation?
I believe we have the resources on this mailing list to work through the
details and put together a succinct guide that we could take to a wider
audience.
--
Regards,
Corey Bryant
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 15:34 [kernel-hardening] Secure Open Source Project Guide Corey Bryant
@ 2013-01-31 18:37 ` Kees Cook
2013-01-31 19:30 ` Anthony Liguori
2013-01-31 21:10 ` Corey Bryant
0 siblings, 2 replies; 14+ messages in thread
From: Kees Cook @ 2013-01-31 18:37 UTC (permalink / raw)
To: kernel-hardening
Cc: Anthony Liguori, Frank Novak, George Wilson, Joel Schopp,
Kevin Wolf, Warren Grunbok II
On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
> securing open source projects is needed. For example, recommending pull
> requests or commits be PGP signed are a few things we've discussed that
> could defend against a MITM attack inserting malicious code.
>
> Does anyone have any thoughts as to where we could publish such a guide?
> Perhaps the Linux Foundation?
>
> I believe we have the resources on this mailing list to work through the
> details and put together a succinct guide that we could take to a wider
> audience.
Yeah, sounds good. I think we could easily use the kernel-security
wiki to work on it initially, and if it needs a different home in the
end, we can move it then.
-Kees
--
Kees Cook
Chrome OS Security
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 18:37 ` Kees Cook
@ 2013-01-31 19:30 ` Anthony Liguori
2013-02-01 14:33 ` Corey Bryant
2013-02-05 18:34 ` Corey Bryant
2013-01-31 21:10 ` Corey Bryant
1 sibling, 2 replies; 14+ messages in thread
From: Anthony Liguori @ 2013-01-31 19:30 UTC (permalink / raw)
To: Kees Cook, kernel-hardening
Cc: Frank Novak, George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
Kees Cook <keescook@chromium.org> writes:
> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>> securing open source projects is needed. For example, recommending pull
>> requests or commits be PGP signed are a few things we've discussed that
>> could defend against a MITM attack inserting malicious code.
>>
>> Does anyone have any thoughts as to where we could publish such a guide?
>> Perhaps the Linux Foundation?
>>
>> I believe we have the resources on this mailing list to work through the
>> details and put together a succinct guide that we could take to a wider
>> audience.
>
> Yeah, sounds good. I think we could easily use the kernel-security
> wiki to work on it initially, and if it needs a different home in the
> end, we can move it then.
If someone picks a home, I'll do a brain dump of some of my concerns and
what I think can be done about it.
Regards,
Anthony Liguori
>
> -Kees
>
> --
> Kees Cook
> Chrome OS Security
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 18:37 ` Kees Cook
2013-01-31 19:30 ` Anthony Liguori
@ 2013-01-31 21:10 ` Corey Bryant
2013-01-31 23:18 ` Peter Huewe
2013-02-01 14:17 ` Solar Designer
1 sibling, 2 replies; 14+ messages in thread
From: Corey Bryant @ 2013-01-31 21:10 UTC (permalink / raw)
To: kernel-hardening
Cc: Kees Cook, Anthony Liguori, Frank Novak, George Wilson,
Joel Schopp, Kevin Wolf, Warren Grunbok II
On 01/31/2013 01:37 PM, Kees Cook wrote:
> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>> securing open source projects is needed. For example, recommending pull
>> requests or commits be PGP signed are a few things we've discussed that
>> could defend against a MITM attack inserting malicious code.
>>
>> Does anyone have any thoughts as to where we could publish such a guide?
>> Perhaps the Linux Foundation?
>>
>> I believe we have the resources on this mailing list to work through the
>> details and put together a succinct guide that we could take to a wider
>> audience.
>
> Yeah, sounds good. I think we could easily use the kernel-security
> wiki to work on it initially, and if it needs a different home in the
> end, we can move it then.
>
> -Kees
>
> --
> Kees Cook
> Chrome OS Security
>
>
>
Does it make sense to get everyone edit access to the wiki? If not I
can set up a page for it and get input from folks here on the mailing
list as it progresses and update the wiki myself.
We should probably start by gathering a list of ideas to include in the
guide. Some initial ideas that come to mind are:
* Secure programming practices (Secure "Programming for Linux
and Unix HOWTO" is a good reference for Linux though probably
out of date)
* Performing secure code reviews and detecting common
vulnerabilities
* Ensuring code is reviewed by trusted parties and proper patch
tagging is used
* Signing of releases, pull requests, patches, commits, etc by
trusted parties
* Removing vulnerabilities with automated tooling (Static/Dynamic
analysis, Fuzzing)
Any thoughts?
--
Regards,
Corey Bryant
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 21:10 ` Corey Bryant
@ 2013-01-31 23:18 ` Peter Huewe
2013-02-01 14:36 ` Corey Bryant
2013-02-01 14:17 ` Solar Designer
1 sibling, 1 reply; 14+ messages in thread
From: Peter Huewe @ 2013-01-31 23:18 UTC (permalink / raw)
To: kernel-hardening
Cc: Corey Bryant, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
Hi,
> We should probably start by gathering a list of ideas to include in the
> guide. Some initial ideas that come to mind are:
>
> * Secure programming practices (Secure "Programming for Linux
> and Unix HOWTO" is a good reference for Linux though probably
> out of date)
> * Performing secure code reviews and detecting common
> vulnerabilities
> * Ensuring code is reviewed by trusted parties and proper patch
> tagging is used
> * Signing of releases, pull requests, patches, commits, etc by
> trusted parties
> * Removing vulnerabilities with automated tooling (Static/Dynamic
> analysis, Fuzzing)
>
> Any thoughts?
I'd definitely add
* creating semantic patches out of the secure coding reviews / common
vulnerabilities with coccinelle/spatch.
(Usually the same bugs happen over and over again - see e.g. the CWE list ;)
I know this goes into the direction of your last point, but is not that
trivial to use like e.g. spatch but on the other hand provides "automatic"
fixing.
Just my two cents.
PeterH
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 21:10 ` Corey Bryant
2013-01-31 23:18 ` Peter Huewe
@ 2013-02-01 14:17 ` Solar Designer
2013-02-01 14:41 ` Corey Bryant
1 sibling, 1 reply; 14+ messages in thread
From: Solar Designer @ 2013-02-01 14:17 UTC (permalink / raw)
To: kernel-hardening
Cc: Corey Bryant, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
Corey, Kees, all -
Why don't we bring this to the oss-security mailing list? I think this
topic is not in any way specific nor limited to the Linux kernel. There
are ~10x more people on oss-security than on kernel-hardening, and this
topic is a better fit for oss-security than for kernel-hardening. There
is a wiki for the oss-security group, where such content is welcome.
Anyone can register for an account and edit.
Info on the oss-security mailing list:
http://oss-security.openwall.org/wiki/mailing-lists/oss-security
Subscribe here:
http://oss-security.openwall.org/subscribe
(Of course, Kees and many others in here are already on oss-security as
well. Not all, though.)
On Thu, Jan 31, 2013 at 04:10:03PM -0500, Corey Bryant wrote:
> We should probably start by gathering a list of ideas to include in the
> guide. Some initial ideas that come to mind are:
>
> * Secure programming practices (Secure "Programming for Linux
> and Unix HOWTO" is a good reference for Linux though probably
> out of date)
CERT's Secure Coding resources are more current, but they're focused on
programming languages and I think they don't cover operating system
specific pitfalls (e.g., Linux netlink).
> * Performing secure code reviews and detecting common
> vulnerabilities
> * Ensuring code is reviewed by trusted parties and proper patch
> tagging is used
> * Signing of releases, pull requests, patches, commits, etc by
> trusted parties
> * Removing vulnerabilities with automated tooling (Static/Dynamic
> analysis, Fuzzing)
We have some relevant links here:
http://oss-security.openwall.org/wiki/
and more specifically:
http://oss-security.openwall.org/wiki/tools
http://oss-security.openwall.org/wiki/links
http://oss-security.openwall.org/wiki/code-reviews
More content (and better organization of content) on the oss-security
wiki is welcome - including on all topics you listed above.
Thanks,
Alexander
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 19:30 ` Anthony Liguori
@ 2013-02-01 14:33 ` Corey Bryant
2013-02-05 18:34 ` Corey Bryant
1 sibling, 0 replies; 14+ messages in thread
From: Corey Bryant @ 2013-02-01 14:33 UTC (permalink / raw)
To: kernel-hardening
Cc: Anthony Liguori, Kees Cook, Frank Novak, George Wilson,
Joel Schopp, Kevin Wolf, Warren Grunbok II
On 01/31/2013 02:30 PM, Anthony Liguori wrote:
> Kees Cook <keescook@chromium.org> writes:
>
>> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
>>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>>> securing open source projects is needed. For example, recommending pull
>>> requests or commits be PGP signed are a few things we've discussed that
>>> could defend against a MITM attack inserting malicious code.
>>>
>>> Does anyone have any thoughts as to where we could publish such a guide?
>>> Perhaps the Linux Foundation?
>>>
>>> I believe we have the resources on this mailing list to work through the
>>> details and put together a succinct guide that we could take to a wider
>>> audience.
>>
>> Yeah, sounds good. I think we could easily use the kernel-security
>> wiki to work on it initially, and if it needs a different home in the
>> end, we can move it then.
>
> If someone picks a home, I'll do a brain dump of some of my concerns and
> what I think can be done about it.
>
> Regards,
>
> Anthony Liguori
>
That would be great. Thanks Anthony.
--
Regards,
Corey Bryant
>>
>> -Kees
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 23:18 ` Peter Huewe
@ 2013-02-01 14:36 ` Corey Bryant
0 siblings, 0 replies; 14+ messages in thread
From: Corey Bryant @ 2013-02-01 14:36 UTC (permalink / raw)
To: Peter Huewe
Cc: kernel-hardening, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
On 01/31/2013 06:18 PM, Peter Huewe wrote:
> Hi,
>> We should probably start by gathering a list of ideas to include in the
>> guide. Some initial ideas that come to mind are:
>>
>> * Secure programming practices (Secure "Programming for Linux
>> and Unix HOWTO" is a good reference for Linux though probably
>> out of date)
>> * Performing secure code reviews and detecting common
>> vulnerabilities
>> * Ensuring code is reviewed by trusted parties and proper patch
>> tagging is used
>> * Signing of releases, pull requests, patches, commits, etc by
>> trusted parties
>> * Removing vulnerabilities with automated tooling (Static/Dynamic
>> analysis, Fuzzing)
>>
>> Any thoughts?
>
> I'd definitely add
> * creating semantic patches out of the secure coding reviews / common
> vulnerabilities with coccinelle/spatch.
> (Usually the same bugs happen over and over again - see e.g. the CWE list ;)
>
> I know this goes into the direction of your last point, but is not that
> trivial to use like e.g. spatch but on the other hand provides "automatic"
> fixing.
>
> Just my two cents.
>
> PeterH
>
>
Thanks for the input. Automated patching with Coccinelle and the like,
and pointers to get folks started with these tools would be a great
addition.
--
Regards,
Corey Bryant
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-02-01 14:17 ` Solar Designer
@ 2013-02-01 14:41 ` Corey Bryant
2013-02-01 15:08 ` Solar Designer
0 siblings, 1 reply; 14+ messages in thread
From: Corey Bryant @ 2013-02-01 14:41 UTC (permalink / raw)
To: Solar Designer
Cc: kernel-hardening, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
On 02/01/2013 09:17 AM, Solar Designer wrote:
> Corey, Kees, all -
>
> Why don't we bring this to the oss-security mailing list? I think this
> topic is not in any way specific nor limited to the Linux kernel. There
> are ~10x more people on oss-security than on kernel-hardening, and this
> topic is a better fit for oss-security than for kernel-hardening. There
> is a wiki for the oss-security group, where such content is welcome.
> Anyone can register for an account and edit.
>
> Info on the oss-security mailing list:
>
> http://oss-security.openwall.org/wiki/mailing-lists/oss-security
>
> Subscribe here:
>
> http://oss-security.openwall.org/subscribe
>
> (Of course, Kees and many others in here are already on oss-security as
> well. Not all, though.)
>
> On Thu, Jan 31, 2013 at 04:10:03PM -0500, Corey Bryant wrote:
>> We should probably start by gathering a list of ideas to include in the
>> guide. Some initial ideas that come to mind are:
>>
>> * Secure programming practices (Secure "Programming for Linux
>> and Unix HOWTO" is a good reference for Linux though probably
>> out of date)
>
> CERT's Secure Coding resources are more current, but they're focused on
> programming languages and I think they don't cover operating system
> specific pitfalls (e.g., Linux netlink).
>
>> * Performing secure code reviews and detecting common
>> vulnerabilities
>> * Ensuring code is reviewed by trusted parties and proper patch
>> tagging is used
>> * Signing of releases, pull requests, patches, commits, etc by
>> trusted parties
>> * Removing vulnerabilities with automated tooling (Static/Dynamic
>> analysis, Fuzzing)
>
> We have some relevant links here:
>
> http://oss-security.openwall.org/wiki/
>
> and more specifically:
>
> http://oss-security.openwall.org/wiki/tools
> http://oss-security.openwall.org/wiki/links
> http://oss-security.openwall.org/wiki/code-reviews
>
> More content (and better organization of content) on the oss-security
> wiki is welcome - including on all topics you listed above.
>
> Thanks,
>
> Alexander
>
>
Thanks Alexander. I agree, this really is targeting OSS in general so I
think it makes sense to move to the oss-security mailing list and wiki.
Is anyone opposed to this or have a better idea?
And maybe we can find a good place to link to our Linux Security
Workgroup wiki on the OSS wiki:
http://kernsec.org/wiki/index.php/Linux_Security_Workgroup
--
Regards,
Corey Bryant
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-02-01 14:41 ` Corey Bryant
@ 2013-02-01 15:08 ` Solar Designer
2013-02-05 18:37 ` Corey Bryant
2013-02-06 7:02 ` Shawn
0 siblings, 2 replies; 14+ messages in thread
From: Solar Designer @ 2013-02-01 15:08 UTC (permalink / raw)
To: Corey Bryant
Cc: kernel-hardening, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
On Fri, Feb 01, 2013 at 09:41:55AM -0500, Corey Bryant wrote:
> Thanks Alexander. I agree, this really is targeting OSS in general so I
> think it makes sense to move to the oss-security mailing list and wiki.
> Is anyone opposed to this or have a better idea?
>
> And maybe we can find a good place to link to our Linux Security
> Workgroup wiki on the OSS wiki:
> http://kernsec.org/wiki/index.php/Linux_Security_Workgroup
For now, we can add it to:
http://oss-security.openwall.org/wiki/links
Please feel free to do that. And yes, maybe we can find/add a better
place for links to closely related projects maintained by people who are
also active in the oss-security group. Maybe have a Related Projects
section right on the main oss-security wiki page?
Alexander
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-01-31 19:30 ` Anthony Liguori
2013-02-01 14:33 ` Corey Bryant
@ 2013-02-05 18:34 ` Corey Bryant
2013-02-05 23:09 ` Solar Designer
1 sibling, 1 reply; 14+ messages in thread
From: Corey Bryant @ 2013-02-05 18:34 UTC (permalink / raw)
To: Anthony Liguori
Cc: kernel-hardening, Kees Cook, Frank Novak, George Wilson,
Joel Schopp, Kevin Wolf, Warren Grunbok II
On 01/31/2013 02:30 PM, Anthony Liguori wrote:
> Kees Cook <keescook@chromium.org> writes:
>
>> On Thu, Jan 31, 2013 at 7:34 AM, Corey Bryant <coreyb@linux.vnet.ibm.com> wrote:
>>> In light of events like this http://lwn.net/Articles/535149/ "China, GitHub
>>> and the man-in-the-middle (Greatfire)", we are thinking that a guide for
>>> securing open source projects is needed. For example, recommending pull
>>> requests or commits be PGP signed are a few things we've discussed that
>>> could defend against a MITM attack inserting malicious code.
>>>
>>> Does anyone have any thoughts as to where we could publish such a guide?
>>> Perhaps the Linux Foundation?
>>>
>>> I believe we have the resources on this mailing list to work through the
>>> details and put together a succinct guide that we could take to a wider
>>> audience.
>>
>> Yeah, sounds good. I think we could easily use the kernel-security
>> wiki to work on it initially, and if it needs a different home in the
>> end, we can move it then.
>
> If someone picks a home, I'll do a brain dump of some of my concerns and
> what I think can be done about it.
>
> Regards,
>
> Anthony Liguori
>
I haven't heard any objections to using the oss-security wiki to host
the guide, so I've created a page here. A brain dump would be a much
appreciated start to get things moving. Thanks!
http://oss-security.openwall.org/wiki/secure-oss-dev-guide
--
Regards,
Corey Bryant
>>
>> -Kees
>>
>> --
>> Kees Cook
>> Chrome OS Security
>
>
>
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-02-01 15:08 ` Solar Designer
@ 2013-02-05 18:37 ` Corey Bryant
2013-02-06 7:02 ` Shawn
1 sibling, 0 replies; 14+ messages in thread
From: Corey Bryant @ 2013-02-05 18:37 UTC (permalink / raw)
To: Solar Designer
Cc: kernel-hardening, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
On 02/01/2013 10:08 AM, Solar Designer wrote:
> On Fri, Feb 01, 2013 at 09:41:55AM -0500, Corey Bryant wrote:
>> Thanks Alexander. I agree, this really is targeting OSS in general so I
>> think it makes sense to move to the oss-security mailing list and wiki.
>> Is anyone opposed to this or have a better idea?
>>
>> And maybe we can find a good place to link to our Linux Security
>> Workgroup wiki on the OSS wiki:
>> http://kernsec.org/wiki/index.php/Linux_Security_Workgroup
>
> For now, we can add it to:
>
> http://oss-security.openwall.org/wiki/links
Thanks, I've added a link here.
>
> Please feel free to do that. And yes, maybe we can find/add a better
> place for links to closely related projects maintained by people who are
> also active in the oss-security group. Maybe have a Related Projects
> section right on the main oss-security wiki page?
Yeah that might be a good way to organize related projects rather than
throwing them on a links page.
>
> Alexander
>
--
Regards,
Corey Bryant
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-02-05 18:34 ` Corey Bryant
@ 2013-02-05 23:09 ` Solar Designer
0 siblings, 0 replies; 14+ messages in thread
From: Solar Designer @ 2013-02-05 23:09 UTC (permalink / raw)
To: Corey Bryant, kernel-hardening
Cc: Anthony Liguori, Kees Cook, Frank Novak, George Wilson,
Joel Schopp, Kevin Wolf, Warren Grunbok II
On Tue, Feb 05, 2013 at 01:34:18PM -0500, Corey Bryant wrote:
> I haven't heard any objections to using the oss-security wiki to host
> the guide, so I've created a page here. A brain dump would be a much
> appreciated start to get things moving. Thanks!
>
> http://oss-security.openwall.org/wiki/secure-oss-dev-guide
This is a good start, although I'd call the page "development",
"development-guide", "secure-development", or maybe even
"secure-development-guide" for search engine friendliness. ;-)
We already have "oss" and "security" in the URL anyway, so the
non-redundant words are only "development" and "guide" (can omit the
latter since it's less informative). ;-)
On a more serious note, I think you need to announce this on the
oss-security mailing list.
Thanks,
Alexander
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [kernel-hardening] Secure Open Source Project Guide
2013-02-01 15:08 ` Solar Designer
2013-02-05 18:37 ` Corey Bryant
@ 2013-02-06 7:02 ` Shawn
1 sibling, 0 replies; 14+ messages in thread
From: Shawn @ 2013-02-06 7:02 UTC (permalink / raw)
To: kernel-hardening
Cc: Corey Bryant, Kees Cook, Anthony Liguori, Frank Novak,
George Wilson, Joel Schopp, Kevin Wolf, Warren Grunbok II
hi security guys,
On Fri, Feb 1, 2013 at 11:08 PM, Solar Designer <solar@openwall.com> wrote:
>
> On Fri, Feb 01, 2013 at 09:41:55AM -0500, Corey Bryant wrote:
> > Thanks Alexander. I agree, this really is targeting OSS in general so I
> > think it makes sense to move to the oss-security mailing list and wiki.
> > Is anyone opposed to this or have a better idea?
> >
> > And maybe we can find a good place to link to our Linux Security
> > Workgroup wiki on the OSS wiki:
> > http://kernsec.org/wiki/index.php/Linux_Security_Workgroup
>
> For now, we can add it to:
>
> http://oss-security.openwall.org/wiki/links
>
> Please feel free to do that. And yes, maybe we can find/add a better
> place for links to closely related projects maintained by people who are
> also active in the oss-security group. Maybe have a Related Projects
> section right on the main oss-security wiki page?
>
I'm newbie in security field and I putted one article about open
source security stuff in QA process on the wiki page. Hope it matched
the correct topic! If it does bothers, please free feel to delete it.
--
GNU powered it...
GPL protect it...
God blessing it...
regards
Shawn
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2013-02-06 7:02 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-31 15:34 [kernel-hardening] Secure Open Source Project Guide Corey Bryant
2013-01-31 18:37 ` Kees Cook
2013-01-31 19:30 ` Anthony Liguori
2013-02-01 14:33 ` Corey Bryant
2013-02-05 18:34 ` Corey Bryant
2013-02-05 23:09 ` Solar Designer
2013-01-31 21:10 ` Corey Bryant
2013-01-31 23:18 ` Peter Huewe
2013-02-01 14:36 ` Corey Bryant
2013-02-01 14:17 ` Solar Designer
2013-02-01 14:41 ` Corey Bryant
2013-02-01 15:08 ` Solar Designer
2013-02-05 18:37 ` Corey Bryant
2013-02-06 7:02 ` Shawn
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.