Date: Sat, 18 Jan 2025 09:06:16 GMT
From: Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Subject: git: 0dd207df41 - main - Website - Status: Add FF security audit report
Message-ID: <202501180906.50I96G58006409@gitrepo.freebsd.org>
The branch main has been updated by carlavilla:

URL: https://cgit.FreeBSD.org/doc/commit/?id=0dd207df41392d0a22563f7689899e5e82433d94

commit 0dd207df41392d0a22563f7689899e5e82433d94
Author: Joseph Mingrone <jrm@FreeBSD.org>
AuthorDate: 2025-01-18 09:04:58 +0000
Commit: Sergio Carlavilla Delgado <carlavilla@FreeBSD.org>
CommitDate: 2025-01-18 09:04:58 +0000

    Website - Status: Add FF security audit report

    Reviewed by: emaste@, Pau Amma <pauamma@gundo.com>, Chris Moerz <freebsd@ny-central.org>
    Differential Revision: https://reviews.freebsd.org/D48447
---
 .../foundation-security-audit.adoc | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/website/content/en/status/report-2024-10-2024-12/foundation-security-audit.adoc b/website/content/en/status/report-2024-10-2024-12/foundation-security-audit.adoc
new file mode 100644
index 0000000000..8b59947248
--- /dev/null
+++ b/website/content/en/status/report-2024-10-2024-12/foundation-security-audit.adoc
@@ -0,0 +1,33 @@ +=== Security Audits + +Contact: Ed Maste <emaste@FreeBSD.org> + +Contact: Alice Sowerby<alice@freebsdfoundation.org> + +The project began in Q2 of 2024 and was funded by Alpha Omega with a budget of $137,500, which was used over about six months and is now complete. +The focus was on conducting a code audit for key subsystems, bhyve and Capsicum, as well as performing a security audit of the development process. +The funds were used to hire a specialist offensive security firm to perform the code audit, to contract developers to address issues found, and for Foundation staff's work on both audits. + +Q4 update + +The project is complete. + +The Code Audit and link:https://freebsdfoundation.org/wp-content/uploads/2024/11/2024_Code_Audit_Capsicum_Bhyve_FreeBSD_Foundation.pdf[subsequent reports] were released after the related Security Advisories were published. + +The Process Audit is complete. +It was created by FreeBSD Foundation staff who ran an outreach exercise to gather information about the current FreeBSD development process. +The teams consulted were: Security Team, Source Management Team, Cluster Administrators, Release Engineering Team. + +Information was gathered through an online long-form survey which was structured around existing frameworks for analysing security in software development. +Teams were asked to describe current development processes and appraise the current security practices, as well as to make suggestions for improvements. + +The responses were collated and synthesised into the report by Foundation staff. +The report was reviewed for accuracy by the original respondents. + +The report will now be made available to the Security Team and other teams previously mentioned, as well as to the Foundation executive team. +This will be a useful tool in identifying areas for investment and prioritisation going forward as more security projects are planned and funded. 
+ +The report is intended primarily for FreeBSD Project and Foundation planning purposes and as such there is no plan to promote it to an external audience. +Interested readers should contact the Security Team to request a copy of the report. + +To learn about the project, and to see historical monthly updates visit: link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2024/FreeBSD[]. + +Sponsor: link:https://alpha-omega.dev/[Alpha Omega Project]
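Review bot: the second contact line in this hunk, `+Contact: Alice Sowerby<alice@freebsdfoundation.org>`, is missing the space between the name and the address that the preceding `Contact: Ed Maste <emaste@FreeBSD.org>` line has; suggest `Contact: Alice Sowerby <alice@freebsdfoundation.org>` so the two lines are consistent. A smaller style point: `Q4 update` is a bare one-line paragraph between the project summary and "The project is complete."; if it is meant to introduce the quarterly update, giving it the same heading or emphasis markup used elsewhere in the status reports would make it render as a section marker rather than a stray sentence.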