From Fedora Project Wiki

(→‎Security Response: Moved text to Security_Bugs)
Line 1: Line 1:
 
The Security SIG has three missions that contributors can assist with:
 
The Security SIG has three missions that contributors can assist with:
  
 +
# [[:Category:Security#Security Response|Security Response]]
 
# [[:Category:Security#Secure Coding|Secure Coding]]
 
# [[:Category:Security#Secure Coding|Secure Coding]]
# [[:Security#Code Auditing|Code Auditing]]
+
# [[:Category:Security#Code Auditing|Code Auditing]]
# [[:Security#Security Response|Security Response]]
 
  
 
Contributors can work on any or all of these missions.
 
Contributors can work on any or all of these missions.
 +
 +
== Security Response ==
 +
The [[Security Team]] helps packagers fix security vulnerabilities in packages they maintain.  Most of these vulnerabilities come from the open source software community and packagers are notified by a ticket in [https://bugzilla.redhat.com Bugzilla].
 +
 +
=== Reporting Vulnerabilities ===
 +
 +
Security issues should be reported following the procedures outlined on the [[Security Bugs]] page.
  
 
== Secure Coding ==
 
== Secure Coding ==
Line 39: Line 46:
 
==== IRC ====
 
==== IRC ====
 
* '''{{fpchat|#fedora-security}}''' - Fedora's Security SIG channel on Freenode.
 
* '''{{fpchat|#fedora-security}}''' - Fedora's Security SIG channel on Freenode.
 
== Security Response ==
 
The [[Security Team]] helps packagers fix security vulnerabilities in packages they maintain.  Most of these vulnerabilities come from the open source software community and packagers are notified by a ticket in [https://bugzilla.redhat.com Bugzilla].
 
 
=== Fedora Security Response Procedures ===
 
 
Security issues should be reported following the procedures outlined on the [[Security Bugs]] page.
 
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]

Revision as of 19:36, 9 November 2015

The Security SIG has three missions that contributors can assist with:

  1. Security Response
  2. Secure Coding
  3. Code Auditing

Contributors can work on any or all of these missions.

Security Response

The Security Team helps packagers fix security vulnerabilities in packages they maintain. Most of these vulnerabilities come from the open source software community and packagers are notified by a ticket in Bugzilla.

Reporting Vulnerabilities

Security issues should be reported following the procedures outlined on the Security Bugs page.

Secure Coding

Secure coding is writing code with security in mind from the beginning. By not making security mistakes the code is more secure and time won't be wasted down the road having to rewrite or redesign features and functionality.

Communicating

E-Mail List

  • Fedora security list: For discussion about improvement of Fedora security.

IRC

Projects

Defensive Coding book

The Defensive Coding book is published on the Fedora Docs website and is under development. The purpose of the book is to document common mistakes developers make and help educate developers on how to better their code from the beginning.

Training and Articles

In addition to the Defensive Coding book the Security SIG is charged with creating training resources. Videos and smaller articles on secure development can also be created to concentrate specific topics. These resources should be stored in the secure coding git repository.

Security Basics and HOWTO Articles

Basic Fedora security HOWTO is SecurityBasics

Code Auditing

Many security vulnerabilities are found with the help of a code audit. If you are interested in performing an audit please see our auditing resource page.

Communicating

IRC