Date:      Tue, 28 Jul 1998 15:04:04 -0400 (EDT)
From:      Pat Lynch <lynch@rush.net>
To:        Adam Shostack <adam@homeport.org>
Cc:        andrewr <andrewr@slack.net>, security@FreeBSD.ORG
Subject:   Re: Projects to improve security (related to C)
Message-ID:  <Pine.BSF.3.96.980728145803.669F-100000@bytor.rush.net>
In-Reply-To: <199807222201.SAA28072@homeport.org>

Sorry I'm reentering this conversation so late, I had oral surgery and
have been playing catchup ever since...

There's a couple of good ideas here....

1) to assign simple auditing tasks like looking over code for the more
obvious things

2) to assign groups parts of the tree to look at as well

3) the more "skilled" coders to work out the hairier bits (which I know
myself am not qualified for, but might have a couple of people working for
me who are, and use FreeBSD as much as I do)

This could be a really good project with a really good project leader and
a few coordinators.

___________________________________________________________________________

Pat Lynch						lynch@rush.net
Systems Administrator					Rush Networking

___________________________________________________________________________

On Wed, 22 Jul 1998, Adam Shostack wrote:

> 
> | > The biggest problem before was that many people doing the audit didn't
> | > know what to look for, so missed a lot of things.....
> | 
> | Which is why I am going to ask people who I know for sure know what to
> | look for. 
> 
> 
> 	Could I suggest that rather than insist on getting skilled
> people, you consider offering help to volunteers?  Something like my
> review guidelines (which need more on temp races) can let someone
> without a lot of knowledge contribute first pass, so you can focus your
> good people on the uglier code.  A complete audit takes years of work
> by a few highly skilled and dedicated people, but reading the Open-
> cvs logs and seeing if the changed code exists in Free- is not a high
> skill task.  And it's where a lot of high payoff results will be.
> 
> 	You might also want to listen to the linux audit project
> folks, to see how they're addressing things.  The list is ezmlm run at
> security-audit-subscribe@ferret.lmh.ox.ac.uk
> 
> Adam
> 
> 
> 
> 
> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 

