DHS Open Source Hardening Project
Bruno Wolff III
bruno at wolff.to
Tue May 20 16:01:52 UTC 2008
On Tue, May 20, 2008 at 09:58:28 -0400,
"McGuffey, David C." <DAVID.C.MCGUFFEY at saic.com> wrote:
>
> So...in light of those two big glaring problems/failures, automation is
> being attempted on a number of fronts, with the DHS program apparently
> being only one.
The automation part only flags the questionable spots that need to be
looked at and provide a hint as to what to look for. Someone still has
to wade through all of reports to see which things are really a problem.
> Since I'm actively using Fedora at home and in an office lab, I was very
> interested in whether the DHS (or any) tool development program was
> providing a benefit to the open source community, and the security of
> the resultant products.
The NSA's SELinux contribution is pretty significant, though I don't know
if DHS is funding any of the ongoing work with it.
More information about the users
mailing list