Hi,
I wonder whether there is any infrastructure for regular, automated security
checks or at least heuristics and statistics somewhere in Debian?
Something like lintian.debian.org, which generates nice webpages with
statistics and stuff?
I recently stumbled over bogosec which basically runs flawfinder, RATS
and ITS4 on packages and tries to generate metrics...
http://bogosec.sourceforge.net/about.html
---
BogoSec is a utility that calculates source code security quality
metrics. A flexible framework interprets the results of existing
scanners to compute these metrics. BogoSec is useful to track security
quality across releases and competing packages.
---
I imagine something like that (amended with more tools, e.g. bfbtester,
pscan etc. etc.) could be useful to get an impression of the overall
quality of packages and Debian as a whole, and/or to find "juicy" targets
for audits...
Thoughts?
Uwe.
--
Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit
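As an added illustration of the "interpret existing scanner output, compute a metric, rank packages" idea the post describes (this is example code, not bogosec's own framework): the CSV sample below is constructed in the column layout `flawfinder --csv` prints, the package sizes and the level weighting are assumptions, and the package name is taken from the first path component.

```python
"""Added example (not bogosec's code): fold scanner findings into a
per-package security-quality metric and rank packages by it."""
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout that `flawfinder --csv` emits;
# the paths, hits and fingerprints are made up for two hypothetical packages.
FLAWFINDER_CSV = """\
File,Line,Column,DefaultLevel,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
foo/src/main.c,10,5,4,4,buffer,strcpy,Does not check for buffer overflows,Consider strlcpy,,CWE-120,strcpy(buf),f1
foo/src/main.c,42,9,2,2,buffer,char,Statically-sized array,Perform bounds checking,,CWE-119,char buf[64],f2
bar/lib/io.c,7,3,4,4,format,printf,Format string may be attacker-controlled,Use a constant format,,CWE-134,printf(msg),f3
bar/lib/io.c,9,3,1,1,buffer,read,Check buffer boundaries,Verify length,,CWE-120,read(fd),f4
"""

# Assumed source sizes in thousands of lines; in a real run these would come
# from sloccount or a line count over the unpacked package.
KLOC = {"foo": 2.0, "bar": 10.0}

def weight(level: int) -> int:
    """Assumed weighting: a level-4 hit counts 8x a level-1 hit, so a few
    high-risk hits outrank many low-risk ones (not bogosec's scheme)."""
    return 2 ** (level - 1)

def parse_flawfinder(text: str):
    """Yield (package, level) pairs from flawfinder CSV output."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["File"].split("/", 1)[0], int(row["Level"])

# Registry of scanner parsers: adding RATS or ITS4 means adding a parser
# here that yields the same (package, level) pairs.
PARSERS = {"flawfinder": parse_flawfinder}

def score_packages(outputs: dict, kloc: dict) -> dict:
    """Return {package: weighted hits per KLOC}; higher means audit sooner."""
    raw = defaultdict(int)
    for scanner, text in outputs.items():
        for pkg, level in PARSERS[scanner](text):
            raw[pkg] += weight(level)
    return {pkg: raw[pkg] / kloc[pkg] for pkg in raw}

def rank(scores: dict) -> list:
    """Packages ordered from highest to lowest metric."""
    return sorted(scores, key=scores.get, reverse=True)

if __name__ == "__main__":
    scores = score_packages({"flawfinder": FLAWFINDER_CSV}, KLOC)
    for pkg in rank(scores):
        print(f"{pkg}: {scores[pkg]:.2f} weighted hits/KLOC")
```

Normalising by KLOC is what keeps a large package with a handful of hits from outranking a small one riddled with them; the absolute numbers only mean something when compared across releases or across packages scanned the same way.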