Making Fedora more secure, a 90-day goal.

Eric Christensen echriste at redhat.com
Thu Apr 2 17:05:32 UTC 2015


On Thursday, April 02, 2015 10:47:59 AM Eric Christensen wrote:
>   * Team Goal: All important CVEs from 2014 and before should be fixed
>     by the end of June.

During today's meeting we talked about the number of open CVEs, as normal.  
But, really, it's annoying to see the number of critical and important bugs 
just sitting there not getting any traction.

Right now there is one critical CVE and 46 important CVEs open against either 
a package in Fedora or EPEL.  These are CVEs that should have been addressed 
long ago and I'm, quite frankly, tired of looking at them.

With your help, I won't have to look at them ever again.  During today's 
meeting we set a goal of closing out all important CVEs (Jared is already 
working on the critical CVE) that are circa 2014 and earlier by the end of 
June.  That means we have three months to figure out 38 CVEs[0].

It won't be easy but it's completely doable.

To help encourage FST members to participate, the top three FST members who 
help close these bugs will get a prize of some sort.  Heck, we might be able 
to do something for everyone involved if we get all the critical and important 
CVEs disposed of by the end of June.

Now let's go get serious about this!  Game on!

[0] http://red.ht/1ELtwA5

--Eric