> >
> > brilliant idea, especially the secure coding education. There needs to
> > be better guidance on problems, with real examples of code that are
> > wrong, how one can exploit the flaw and what the correct way is to
> > code something to prevent it from being exploitable.
> > This should also include examples of proper logging and graceful
> > shutdown, versus crashing.
> >
> > Also, there should be examples for c/c++, python, php, ruby, or
> > whatever else, makes everyone's boats float.
>
> OWASP has these on their site already. Perhaps we just need to point
> people in the right direction?

OWASP has some information, they don't have everything. I generally
don't see a lot of OWASP overlap in the open source universe. I'm unsure
why this is. OWASP does have a lot of really good content, nobody can
deny that.

>
> > Maybe adding advice on securing services should also be covered.
>
> This would be helpful. I'm not sure if we have something like this
> already, but if not, then I have found the idea of the Gentoo security
> handbook to be a good one that perhaps we could be inspired by.
>

We have a Fedora Security guide. As they say, patches welcome :)

If you're interested, please do get involved. The guide can always use
content.

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security