Comments on Documentation Idea
Thomas Jones
admin at buddhalinux.com
Fri Apr 29 23:56:16 UTC 2005
Paul W. Frields wrote:
> On Fri, 2005-04-29 at 13:21 -0700, tuxxer wrote:
>
>>On Fri, 2005-04-29 at 20:56 +0100, Timothy Murphy wrote:
>>
>>>Paul W. Frields wrote:
>>>
>>>
>>>>(2) be Fedora-specific enough to give value over some of the other more
>>>>standardized security guides; and
>>>
>>>What are these "standardized security guides"?
>>>
>>
>>I think he's talking about the general, high-level stuff you might get
>>if you googled "linux security" or something.
>
>
> Sure, but also things like "Practical UNIX and Internet Security,
> "Computer Security: Art & Science," Gollmann's "Computer Security," and
> such.
>
>
Personally, I would consider "standardized security guides" within the
realm of the following sources:
Information Assurance Technology Framework Release 3.1, National
Security Agency
Automated Tools for Testing Computer System Vulnerability, NIST Special
Publication 800-6
Establishing a Computer Security Incident Response Capability(CSIRC),
NIST Special Publication 800-3
A great many(granted not all) security resources written today is full
of fluff and doesn't recognize or even mention industry standards or
procedures. To tell you the truth, i've found that CS research
papers(available from NEC) seem to contain more relevant content than
alot of the published books. IMHO.
I've got a basic content done for the first release. I just need to
determine the most efficient way to structure the content for the
intended audience.
Tuxxer: This is where I could use some help. If you've got the time ---
drop me a line --- i'd like to forward to you my sources to look over.
Also I wanted to review your list of intended documentation so that we
can assure that we don't overlap content.
I am pretty sure the docs will be top notch stuff --- but then again I
am pretty bias ;)
Thomas
More information about the docs
mailing list