Security

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Mission)
(Secure Coding: Added Defensive Coding book info)
Line 9: Line 9:
  
 
== Secure Coding ==
 
== Secure Coding ==
 +
 +
Secure coding is writing code with security in mind from the beginning.  By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality.
 +
 +
=== Projects ===
 +
 +
'''Defensive Coding book''' - The [https://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/index.html Defensive Coding book] is published on the [https://docs.fedoraproject.org Fedora Docs website] and is [https://fedorahosted.org/secure-coding/ under development].  The purpose of the book is to document common mistakes developers make and help educate developers on how to better their code from the beginning.
 +
 
== Code Auditing ==
 
== Code Auditing ==
  

Revision as of 15:40, 26 March 2013

Contents

Mission

The Security SIG has three missions that contributors can assist with:

  1. Secure Coding
  2. Code Auditing
  3. Security Response

Contributors can work on any or all of these missions.

Secure Coding

Secure coding is writing code with security in mind from the beginning. By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality.

Projects

Defensive Coding book - The Defensive Coding book is published on the Fedora Docs website and is under development. The purpose of the book is to document common mistakes developers make and help educate developers on how to better their code from the beginning.

Code Auditing

Security Response

Fedora Security Response Procedures

If you would like to report any potential security issues with Fedora follow the procedures in Security Bugs page for escalated attention to it.

Security Issues Classification

So what counts a security issue in Fedora? Find answers in the Security Classifications page.

Security Status

The current security status of Fedora is available from Security Status page.

Security Features

Security features available in Fedora is explained on Security Features page.

Security Mailing list

Fedora security list: For discussion about improvement of Fedora security. Other mailing lists are available at the Communicate page

Fedora Security Response

The Fedora Security Response Team handles security issues within Fedora. The Red Hat security team can be reached by mailing secalert AT SPAMFREE redhat DOT com. Information regarding known public issues can be found on the Security Status page.

Endemic Security Risks

Due to the Fedora Project's use of resources not directly under our control, such as mirrors, Fedora and its users have exposure to additional endemic risks, and takes as many steps as possible mitigate these risks.

References

Presentations

Fedora Security Advisories

Fedora Security Tracking Bugs

  • To track security vulnerabilities in packages, tracking bugs are used.

List of Embedded Software

  • We are maintaining a list of embedded software within various packages. This will help us to quickly identify if a problem in library X can be corrected with updating library X, or if it also requires updating other packages that may contain their own private copies of library X. The embedded software list is used for this purpose.

List of SUID / SGID executables

  • We are maintaining a list of SUID / SGID bit equipped executables

within various packages. This will help us to quickly identify privileged binaries. This list is preliminary planned to be prepared for Fedora release of 14 and it will be enhanced later to include list of privileged binaries in also in newer versions of Fedora. The list of SUID SGID executables is used for this purpose.