Date: Wed, 22 Jul 1998 18:01:15 -0400 (EDT)
From: Adam Shostack <adam@homeport.org>
To: andrewr@slack.net (andrewr)
Cc: security@FreeBSD.ORG
Subject: Re: Projects to improve security (related to C)
Message-ID: <199807222201.SAA28072@homeport.org>
In-Reply-To: <Pine.NEB.3.96.980722162742.24981A-100000@brooklyn.slack.net> from andrewr at "Jul 22, 98 04:29:10 pm"
| > The biggest problem before was that many people doing the audit didn't
| > know what to look for, so missed a lot of things.....
|
| Which is why I am going to ask people who I know for sure know what to
| look for.

Could I suggest that rather than insist on getting skilled people, you
consider offering help to volunteers? Something like my review
guidelines (which need more on temp races) can let someone without a
lot of knowledge contribute first pass, so you can focus your good
people on the uglier code.

A complete audit takes years of work by a few highly skilled and
dedicated people, but reading the Open- cvs logs and seeing if the
changed code exists in Free- is not a high skill task. And it's where
a lot of high payoff results will be.

You might also want to listen to the linux audit project folks, to see
how they're addressing things. The list is ezmlm run at
security-audit-subscribe@ferret.lmh.ox.ac.uk

Adam

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807222201.SAA28072>