[kernel-hardening] Re: Linux Security Workgroup

[Corey Bryant <coreyb@linux.vnet.ibm.com>]

On 10/02/2012 12:23 PM, Kees Cook wrote:
> On Thu, Sep 27, 2012 at 12:26 PM, Corey Bryant
> <coreyb@linux.vnet.ibm.com> wrote:
>> At the Linux Security Summit we began discussing the Linux Security
>> Workgroup and some of the efforts that we can focus on.
>>
>> The charter of the workgroup is to provide on-going security
>> verification of Linux kernel subsystems in order to assist in securing the
>> Linux Kernel and maintain trust and confidence in the security of the Linux
>> ecosystem.
>>
>> This may include, but is not limited to, topics such as tooling to assist in
>> securing the Linux Kernel, verification and testing of critical subsystems
>> for vulnerabilities, security improvements for build tools, and providing
>> guidance for maintaining subsystem security.
>
> Thanks for getting this rolling!
>
> What are the next steps? Does it make sense to try to gather a list of
> active projects to try and see where things currently stand? (i.e who
> is actively running smatch, trinity, etc?) Or to call attention to a
> specific subsystem that needs direct auditing (e.g. KVM)?
>
> -Kees
>

No problem, thanks for the input!

I think having a list of active projects is a good place to start.

Perhaps we can also add desired projects to this list, and if anyone has 
cycles to cover a project they can put their name to the project.

I'm personally trying to get time allocated to work on KVM fuzzing 
and/or static analysis in 2013.

A wiki probably makes sense for the list.  Google sites has wikis.  I 
can start one there unless there are other ideas.

-- 
Regards,
Corey Bryant