On 09.07.2013 15:33, Eric H. Christensen wrote:
> For code audits, we're really not sure where to start. We want to
> involve the community in this project, but honestly, we're not
> totally sure what that means.
...
> We look forward to your help.

Starting with establishing values and metrics maybe can help - e.g. OSSTMM RAV with SCARE?

I tried to integrate ISECOM's SCARE (Source Code Analysis Risk Evaluation) into the Fedora Security Lab, but because SCARE is licenced CC-BY-ND as a software licence we could not.

Even if it is not the newest, the Secure Programming Standards Methodology Manual (SPSMM) is maybe also worth a look.

http://www.isecom.org/research/osstmm.html
http://www.isecom.org/research/spsmm.html
http://www.isecom.org/research/scare.html

cu
Joerg

--
Joerg (kital) Simon
jsimon@xxxxxxxxxxxxxxxxx
http://fedoraproject.org/wiki/JoergSimon
http://kitall.blogspot.com
Key Fingerprint: 3691 0989 2DCA 58A2 8D1F 2CAC C823 558E 5B5B 5688
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security