Fedora Security SIG Update

Joerg Simon jsimon at fedoraproject.org
Tue Jul 9 18:29:02 UTC 2013


On 09.07.2013 15:33, Eric H. Christensen wrote:
> For code audits, we're really not sure where to start. We want to
> involve the community in this project, but honestly, we're not
> totally sure what that means.
...
> We look forward to your help.

Starting with establishing values and metrics maybe can help - e.g.
OSSTMM rav with SCARE? I tried to integrate ISECOM's SCARE (Source Code
Analysis Risk Evaluation) into the Fedora Security Lab, but because
SCARE is licensed CC-BY-ND as a software licence we could not.
Even if it is not the newest, the Secure Programming Standards
Methodology Manual (SPSMM) is maybe also worth a look.

http://www.isecom.org/research/osstmm.html
http://www.isecom.org/research/spsmm.html
http://www.isecom.org/research/scare.html

cu Joerg


-- 
Joerg (kital) Simon
jsimon at fedoraproject.org
http://fedoraproject.org/wiki/JoergSimon
http://kitall.blogspot.com
Key Fingerprint:
3691 0989 2DCA 58A2 8D1F 2CAC C823 558E 5B5B 5688
