Ok I've read your existing list.
you might consider a section for system configuration errors (ex. LDAP
auth being passed in clear to an AD server that doesn't support
starttls/ssl when not using GSSAPI or having SSH 1 available, etc)
seeding errors for rand yielding predictable results
improper handling of errno values resulting in lock/race/buffer probs
On 08/12/2013 02:20 PM, Josh Bressers wrote:
Did you have a particular use-case in mind for your list? Will you be
accessing this list programmatically or just for human consumption?
Perhaps a schema/classification skeleton we could start with? Do you
want a list of specific exploits/vulnerabilities (so you might start
with local and remote for example then drill down with stack exploits,
cross site injections etc) or just a list of the monikers of actual
exploits like "sasser", or something more like "social engineering",
"network", "program code"..."input validation", etc?
Basically it's just a list for me. I'm putting together a nice list of
possible topics for a variety of reasons. I figured it would be nice to get
input from others, and obvious make such a list public for anyone who
wanted something similar.
It's a pretty open request, so I'd say anything goes. If you have some
ideas, jot them down.
Thanks.
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
