Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 2 Jun 2008 19:41:05 +0200
From: Nico Golde <oss-security+ml@...lde.de>
To: oss-security@...ts.openwall.com
Subject: Re: code reviews (was: ARP handler Inspection tool released)

Hi Andrea,
* Andrea Barisani <lcars@...rt.org> [2008-06-02 19:17]:
> On Mon, Jun 02, 2008 at 06:53:20PM +0200, Nico Golde wrote:
> > At least for Debian there is an audit project 
> > (http://www.debian.org/security/audit/) which is not really 
> > active anymore though. As far as I know Gentoo has a similar 
> > project. What about replacing those by an oss-security-audit 
> > project? I don't think oCert is the solution to audit 
> > requests as it simply lacks of enough manpower to do that in 
> > an organized fashion.
> 
> With all due respect, how exactly do you know that? :)

Just a wild guess, audits are time consuming and you are all 
employed ;)
This was in no way meant to discredit oCert lacking of 
manpower in general. I just didn't had the impression you 
guys have the time to focus on source code audits in the 
first place but mostly on coordination. Sorry if this is 
wrong!

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux