>
> brilliant idea, especially the secure coding education. There needs to
> be better guidance on problems, with real examples of code that are
> wrong, how one can exploit the flaw and what the correct way is to
> code something to prevent it from being exploitable.
> This should also include examples of proper logging and graceful
> shutdown, versus crashing.
>
> Also, there should be examples for C/C++, Python, PHP, Ruby, or
> whatever else makes everyone's boats float.
OWASP has these on their site already. Perhaps we just need to point
people in the right direction?
OWASP has some information, but they don't have everything. I generally don't
see a lot of OWASP overlap in the open source universe. I'm unsure why this
is.
OWASP does have a lot of really good content, nobody can deny that.
> Maybe adding advice on securing services should also be covered.
This would be helpful. I'm not sure if we have something like this
already, but if not, then I have found the idea of the Gentoo security
handbook to be a good one that perhaps we could be inspired by.
We have a Fedora Security guide. As they say, patches welcome :)
If you're interested, please do get involved. The guide can always use
content.