On Wed, Aug 03, 2005 at 02:54:37PM -0700, Jake Appelbaum wrote:
> Hi there,
>
> I happen to work for a company that's doing some innovative development
> in the area of binary static analysis. We have a shipping product that
(...)
>
> After reading about the lack of security resources facing the Debian
> team, I thought it would be a helpful to offer the use of our product to
> the Debian security team. This can be used for full audit of the SPARC
> binary packages in Debian. Stable, testing, unstable, etc.
I, as member of the Debian security audit team [1], would be open to use
your product in reviewing the security of the Debian OS. We have
tried to do automatic source code audits with the tools currently
available to us in the free software world, and I contacted
Coverity (without success) to try to use theirs in our source code base.
> I'm sure people are a bit skeptical of a project like this and what kind
> of things it can do. We're not just doing this because we use Debian but
> because we want to support Free Software in general.
That's good. I'm not skeptical of closed source projects, if your
company and product can help improve Debian we appreciate it. I actually
don't think that Coverity helping find bugs in the Linux kenerl (and other
OSS software) is bad.
> If you are interested, let me know and I can go into more detail. If you
> have any initial questions, feel free to ask me.
I do have a few questions, but I rather read the whitepapers of your
solution first. Just a quick one: why is it SPARC specific?
Regards
Javier
[1] http://www.debian.org/security/audit
signature.asc
Description: Digital signature
_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit
|
