(New page: Security related pages.) |
|||
| (25 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
Security | The Security SIG has three missions that contributors can assist with: | ||
# [[:Category:Security#Security Response|Security Response]] | |||
# [[:Category:Security#Secure Coding|Secure Coding]] | |||
# [[:Category:Security#Code Auditing|Code Auditing]] | |||
Contributors can work on any or all of these missions. | |||
== Security Response == | |||
The [[Security Team]] helps packagers fix security vulnerabilities in packages they maintain. Most of these vulnerabilities come from the open source software community and packagers are notified by a ticket in [https://bugzilla.redhat.com Bugzilla]. | |||
=== Communicating === | |||
==== IRC ==== | |||
* {{fpchat|#fedora-security}} - general security questions | |||
* {{fpchat|#fedora-security-team}} - FST IRC channel for working vulnerabilities | |||
==== Mailing Lists ==== | |||
* {{fplist|security}} - General security mailing list (good for questions) | |||
* {{fplist|security-team}} - Security Team mailing list | |||
=== Reporting Vulnerabilities === | |||
Security issues should be reported following the procedures outlined on the [[Security Bugs]] page. | |||
== Secure Coding == | |||
Secure coding is writing code with security in mind from the beginning. By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality. | |||
=== Communicating === | |||
==== E-Mail List ==== | |||
* Fedora {{fplist|security}} list: For discussion about improvement of Fedora security. | |||
==== IRC ==== | |||
* '''{{fpchat|#fedora-security}}''' - Fedora's Security SIG channel on Freenode. | |||
=== Projects === | |||
==== Defensive Coding book ==== | |||
The [https://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/index.html Defensive Coding book] is published on the [https://docs.fedoraproject.org Fedora Docs website] and is [https://fedorahosted.org/secure-coding/ under development]. The purpose of the book is to document common mistakes developers make and help educate developers on how to better their code from the beginning. | |||
==== Training and Articles ==== | |||
In addition to the Defensive Coding book the Security SIG is charged with creating training resources. Videos and smaller articles on secure development can also be created to concentrate specific topics. These resources should be stored in the [https://fedorahosted.org/secure-coding/ secure coding] git repository. | |||
==== Security Basics and HOWTO Articles==== | |||
Basic Fedora security HOWTO is [[SecurityBasics]] | |||
== Code Auditing == | |||
Many security vulnerabilities are found with the help of a code audit. If you are interested in performing an audit please see our [[:Category:Code_Audit|auditing resource]] page. | |||
=== Communicating === | |||
==== IRC ==== | |||
* '''{{fpchat|#fedora-security}}''' - Fedora's Security SIG channel on Freenode. | |||
[[Category:Documentation]] | |||
Revision as of 19:45, 9 November 2015
The Security SIG has three missions that contributors can assist with:
Contributors can work on any or all of these missions.
Security Response
The Security Team helps packagers fix security vulnerabilities in packages they maintain. Most of these vulnerabilities come from the open source software community and packagers are notified by a ticket in Bugzilla.
Communicating
IRC
- #fedora-security[?] - general security questions
- #fedora-security-team[?] - FST IRC channel for working vulnerabilities
Mailing Lists
- security - General security mailing list (good for questions)
- security-team - Security Team mailing list
Reporting Vulnerabilities
Security issues should be reported following the procedures outlined on the Security Bugs page.
Secure Coding
Secure coding is writing code with security in mind from the beginning. By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality.
Communicating
E-Mail List
- Fedora security list: For discussion about improvement of Fedora security.
IRC
- #fedora-security[?] - Fedora's Security SIG channel on Freenode.
Projects
Defensive Coding book
The Defensive Coding book is published on the Fedora Docs website and is under development. The purpose of the book is to document common mistakes developers make and help educate developers on how to better their code from the beginning.
Training and Articles
In addition to the Defensive Coding book the Security SIG is charged with creating training resources. Videos and smaller articles on secure development can also be created to concentrate specific topics. These resources should be stored in the secure coding git repository.
Security Basics and HOWTO Articles
Basic Fedora security HOWTO is SecurityBasics
Code Auditing
Many security vulnerabilities are found with the help of a code audit. If you are interested in performing an audit please see our auditing resource page.
Communicating
IRC
- #fedora-security[?] - Fedora's Security SIG channel on Freenode.
Subcategories
This category has the following 2 subcategories, out of 2 total.
Pages in category "Security"
The following 31 pages are in this category, out of 31 total.
D
S
- Secure Coding Training Curriculum
- Security
- Security Bugs
- Security Bugs/ar
- Security Classifications
- Security Features
- Security Guide Audit
- Security of Embedded Software
- Archive:Security Status
- Security Status for 2002
- Security Status for 2004
- Security Status for 2005
- Security Status for2003
- Security Team FAD 2016
- Security Team Hall of Fame
- Security Team Roster
- Security Tracking Bugs