Hello Debian auditing folks,
My name is Tim Dafoe; I'm working on some research for the Government of
Ontario, up
here in Ontario, Canada regarding security and various Open Source projects.
I'm looking
for information regarding proactive efforts (such as those I've seen in
other OSS groups) in
the Debian project for vulnerability detection, code audit, etc. --
including how your auditing
team conducts the work (i.e. module by module, according to a schedule, or
through some
other means) and the frequency of reviews. I'm aware of OpenBSD doing
something that is
along these lines and I'm trying to determine who else is being similarly
proactive with audit.
Are you able to share any information at this time? I'd appreciate any
insight as to current
project security efforts as it informs certain projects we are participating
in.
Cheers, and thank you,
Tim Dafoe
-- Tim Dafoe, CISSP / ISSAP <tim.dafoe_at_mbs.gov.on.ca> Security Design Lead Corporate Security / Office of the Corporate CIO +1 (416) 327-1260Received on Wed Dec 08 2004 - 21:49:20 GMT