From: "Devon H. O'Dell"
Date: Tue, 12 Aug 2003 17:30:44 +0200
Organization: SiteTronics
Message-ID: <00bc01c360e6$b2ac0b70$9f8d2ed5@internal>
In-Reply-To: <000201c360e4$9a450390$0304a8c0@delllaptop>
cc: security@freebsd.org
Subject: RE: realpath(3) et al

Well, not only would it save companies money, but it would be beneficial
for FreeBSD and system administrators as well. I know several administrators
who are forced to work with Linux because it is "certified" and "more widely
supported" than "any of the BSDs". This is, of course, absolute crap, but
without any audit certifications, companies are less likely to even take a
peek into what FreeBSD can offer.

I'd personally be willing to contribute a bit of money (probably even more
as I come to have it). However, I do not feel comfortable donating this
money saying, "Here's $150, use it for a certification." and then not
knowing if/when others will be doing the same. There needs to be an
initiative from the FreeBSD group to get this started -- people need to be
able to click a button on the front page of freebsd.org and be able to
donate as much money as they want (or find out where to send a check).

In any case, 150 companies donating $1,000 would only cover 10% of the money
needed for this certification. I don't know how many companies are using
FreeBSD nor do I know their interests in helping with the evolution of
FreeBSD; I would guess, however, that there are enough companies and private
parties who would be able to fund this type of project. It would be
beneficial to them (as you've just proven) and to the project overall.

Should I propose this on freebsd-audit? Is there any way I can help other
than via a monetary contribution? I'd like to do both.

Kind regards,

Devon H. O'Dell
Systems and Network Engineer
Simpli, Inc. Web Hosting
http://www.simpli.biz

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Chris Odell
> Sent: Tuesday, August 12, 2003 5:16 PM
> To: 'Devon H. O'Dell'
> CC: security@freebsd.org
> Subject: RE: realpath(3) et al
>
>
> Corporations - INTERNET Companies...
>
> If you look at the big picture, having an O.S. that has been audited
> for issues would actually be cost effective for them. Having to patch a
> machine that is in service causes downtime.
>
> Let's see -
>
> Each machine takes ten (10) minutes of human work to drop into single
> user mode and install new binaries/kernels
>
> The company has one thousand (1000) machines
>
> That comes to ten thousand (10000) minutes, broken down to hours - 167
> Hours
>
> The average admin say is making forty five (45) dollars an hour - over
> $7000.00 - not including taxes paid by employer.
>
> So if one hundred fifty companies donated one thousand dollars (1000)
> it would save them downtime, payroll, and taxes.
>
> Just a rough estimate and my 2 cents
>
>
> Chris Odell
> chris@redstarnetworks.net
>
>
> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Devon H. O'Dell
> Sent: Tuesday, August 12, 2003 7:42 AM
> To: 'Brooks Davis'
> Cc: security@freebsd.org
> Subject: RE: realpath(3) et al
>
>
> Okay, so where do we begin with taking contributions?
>
> Devon
>
> > -----Original Message-----
> > From: owner-freebsd-security@freebsd.org
> > [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Brooks Davis
> > Sent: Tuesday, August 12, 2003 4:38 PM
> > To: Devon H. O'Dell
> > CC: security@freebsd.org
> > Subject: Re: realpath(3) et al
> >
> > On Tue, Aug 12, 2003 at 10:24:16AM +0200, Devon H. O'Dell wrote:
> > > What sorts of security standards commissions are there, how much
> > > does getting "standards certified" cost, and where should we start?
> >
> > I think the ballpark number I heard for a minimal certification under
> > Common Criteria was $1.5m.
> >
> > -- Brooks
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"