On 09.07.2013 15:33, Eric H. Christensen wrote:
> For code audits, we're really not sure where to start. We want to
> involve the community in this project, but honestly, we're not
> totally sure what that means.
> ...
> We look forward to your help.
Starting with establishing values and metrics may help, e.g. the OSSTMM RAV with SCARE? I tried to integrate ISECOM's SCARE (Source Code Analysis Risk Evaluation) into the Fedora Security Lab, but because SCARE is licensed CC-BY-ND as a software licence, we could not.
Even if it is not the newest, the Secure Programming Standards Methodology Manual (SPSMM) is maybe also worth a look.
http://www.isecom.org/research/osstmm.html
http://www.isecom.org/research/spsmm.html
http://www.isecom.org/research/scare.html
cu Joerg
--
Joerg (kital) Simon
jsimon(a)fedoraproject.org
http://fedoraproject.org/wiki/JoergSimon
http://kitall.blogspot.com
Key Fingerprint:
3691 0989 2DCA 58A2 8D1F 2CAC C823 558E 5B5B 5688