http://oss-security.openwall.org/wiki/ 2010-03-10T03:06:13-08:00 FeedCreator 1.7.2-ppt DokuWiki 2010-02-09T10:33:40-08:00 2010-02-09T10:33:40-08:00 2010-02-09T10:33:40-08:00 http://oss-security.openwall.org/wiki/disclosure?rev=1265740420&do=diff Solar Designer

Flaw Disclosure Anytime an individual discovers a security flaw, there are certain steps that should be taken to ensure that the details of the flaw are disclosed in a responsible and acceptable manner. Reporting a flaw in open source software poses a number of unique challenges compared to the closed source counterparts.

2010-01-29T08:31:10-08:00 2010-01-29T08:31:10-08:00 2010-01-29T08:31:10-08:00 http://oss-security.openwall.org/wiki/software?rev=1264782670&do=diff Solar Designer

This is a list of various open source software projects with links to security contacts for the project. Please only list those projects that do have a security contact to list! The contact may be an email address or a web page with more information.

2010-01-14T14:11:43-08:00 2010-01-14T14:11:43-08:00 2010-01-14T14:11:43-08:00 http://oss-security.openwall.org/wiki/vendors?rev=1263507103&do=diff Armin kuster

This page lists security contacts, bug tracker links, links to advisories, etc. for various open source-providing vendors, such as distributors of Linux, *BSD, and other related operating systems. When adding to this page, please include the following vendor information:

2009-12-16T07:56:47-08:00 2009-12-16T07:56:47-08:00 2009-12-16T07:56:47-08:00 http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec?rev=1260979007&do=diff Solar Designer

vendor-sec (<vendor [dash] sec [at] lst [dot] de>) is a mailing list dedicated to distributors of operating systems using (but not necessarily solely comprised of) free and open-source software. The list is used to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members.

2009-10-13T15:23:18-08:00 2009-10-13T15:23:18-08:00 2009-10-13T15:23:18-08:00 http://oss-security.openwall.org/wiki/mailing-lists/oss-security?rev=1255472598&do=diff Solar Designer

Group Purpose The purpose of the Open Source Security (oss-security) group is to encourage public discussion of security flaws, concepts, and practices in the Open Source community. The members of this group include, but are not limited to Open Source projects, distributors, researchers, and developers.

2009-09-23T03:05:25-08:00 2009-09-23T03:05:25-08:00 2009-09-23T03:05:25-08:00 http://oss-security.openwall.org/wiki/tools?rev=1253700325&do=diff Sebastian Krahmer

This page will give you some hints about which tools might be used to gather useful information during a code review such as debuggers, static and dynamic code analysis tools etc. cscope With the help of cscope, reviewers can comfortable search for symbols in the source code of programs. It allows to search for definitions/declarations and calls of certain functions, macro definitions etc.. Most Linux and BSD distributions ship cscope.

2009-09-23T03:01:12-08:00 2009-09-23T03:01:12-08:00 2009-09-23T03:01:12-08:00 http://oss-security.openwall.org/wiki/code-reviews?rev=1253700072&do=diff Sebastian Krahmer

This page will hopefully soon consist of many code review reports with proper description of project/version/architecture/possible flaws and security relevant patches. As a start, I will add some packages which are common across a lot of Linux distributions and have been identified as a potential risk since they either run privileged or with network input. Feel free to add other OS's or move to another, separate, page. The intention is NOT to enumerate all possibly problematic packages such as …