Hi, I am a PhD student at Deakin University. I am also a recent member to the Debian testing security team. As part of my research I have been looking at Linux security.

Debian maintain a security tracker http://security-tracker.debian.org/tracker/ . I think RHEL maintains security tracking but I do not know the details. Fedora as far as I know do not publicly and actively maintain security tracking once an advisory is released.

A simple report I generated last year was tracking of packages and the CVEs that they reference in an advisory. I did that by scraping the public mailing list archive of advisories/updates and grepping for CVE references. I have made a report from last year publicly available https://github.com/silviocesare/Privileged-Programs/blob/master/SecurityAdvisories/Fedora/SecurityAdvisories.txt . This might be useful on the Fedora wiki.

A report I made of Debian's SUID/SGID programs from all packages in the repository is here https://github.com/silviocesare/Privileged-Programs/tree/master/Debian5.05 . I suspect Fedora already has such a list in line with the Fedora 15 target of removing SUID/SGID programs from the distribution.

Another report I made which may or may not be useful to the security team is a list of packages between Debian and Fedora that are roughly equivalent, irrespective of what the package names are https://github.com/silviocesare/Equivalent-Packages/blob/master/NearestNeighbour/Debian5_Fedora13_Matches . There are some false positives and false negatives due to the fact that the list is automatically generated. This equivalent packages list might be useful on the Fedora wiki even if it's not a fit in the security section. I will do another report for Fedora 14 against more Linux distributions if there is interest.

These links are just small things I've been working on, but I hope someone in the Fedora project may find them useful. I should also note that this work is all rather preliminary for now.

Please CC me on responses and if there is a more active or appropriate forum to raise these types of discussions then please advise.