Fedora Security SIG Update

Josh Bressers bressers at redhat.com
Tue Jul 9 18:52:45 UTC 2013


> 
> starting with establishing values and metrics maybe can help - e.g.
> osstmm rav with scare? I tried to integrate ISECOM's scare (Source Code
> Analysis Risk Evaluation) into the Fedora Security Lab, but because
> scare is licenced cc-by-nd as a software licence we could not.
> Even if it is not the newest, the Secure Programming Standards
> Methodology Manual SPSMM is maybe also worth a look.
> 
> http://www.isecom.org/research/osstmm.html
> http://www.isecom.org/research/spsmm.html
> http://www.isecom.org/research/scare.html
> 

I think using whatever exists is ideal, but in this instance we can't
really use those things (we may be able to build some similar things
ourselves though).

This is one of the challenges we currently see in this area. There are A
LOT of programs and projects and resources, but some aren't well licensed.
Some are expensive, some are just plain bad. If someone knows of a good
resource, be sure to speak up. The whole goal here is to keep communication
flowing in the security space.

If you know of something interesting, be sure to speak up.

Thanks.

-- 
Josh Bressers / Red Hat Product Security Team

