(→What we do: Added specific information about what we do.) |
No edit summary |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
{{old}} | |||
[[File:Fedora_Security_Team.png|200px|right|Fedora Security Team logo]] | [[File:Fedora_Security_Team.png|200px|right|Fedora Security Team logo]] | ||
| Line 9: | Line 11: | ||
* '''IRC''': | * '''IRC''': | ||
** {{fpchat|#fedora-security | ** {{fpchat|#fedora-security}} - Security Team IRC channel | ||
* '''Mailing lists''': | * '''Mailing lists''': | ||
** {{fplist|security | ** {{fplist|security}} - Security Team mailing list | ||
* '''Weekly meetings''': | * '''Weekly meetings''': | ||
** Every Thursday at | ** Every Thursday at 15:00 UTC. -> [[Security_Team_meetings|Schedule and Agenda]] | ||
=== Security Response === | === Security Response === | ||
| Line 25: | Line 27: | ||
== What we do == | == What we do == | ||
Fedora Security Team (FST) has several missions that try to overlap to make Fedora a more secure operating environment. The following | Fedora Security Team (FST) has several missions that try to overlap to make Fedora a more secure operating environment. The following tasks are related to the Fedora security team. | ||
=== Vulnerability Patching Assistance === | === Vulnerability Patching Assistance === | ||
The main goal of this | The main goal of this task is to make sure that known vulnerabilities are patched and shipped in a timely manner. By assisting package maintainers with patches it is hoped that vulnerability fixes can make to user systems before they become victim of an attack. | ||
=== Security Response === | === Security Response === | ||
Security Response is responding to new vulnerabilities in a timely manner. Fedora currently relies on the services of [https://access.redhat.com/security/overview Red Hat Product Security] to process, work with upstream, and work with packagers to address security vulnerabilities. | |||
=== Secure Coding === | === Secure Coding === | ||
| Line 61: | Line 59: | ||
Joining the Fedora Security Team is an easy, three-step process: | Joining the Fedora Security Team is an easy, three-step process: | ||
# subscribe to the {{fplist|security | # subscribe to the {{fplist|security}} mailing list, | ||
# join us on the {{fpchat|#fedora-security | # join us on the {{fpchat|#fedora-security}} IRC channel, | ||
# take a look at the [[Security Team Tasks]], and | # take a look at the [[Security Team Tasks]], and | ||
# read the [[Security_Team_Work_Flow|work flow]]. | # read the [[Security_Team_Work_Flow|work flow]]. | ||
Latest revision as of 00:18, 12 April 2024
This page has been marked as "old", and likely contains content that is irrelevant or incorrect. If you can, please update this page. This page will be deleted if action is not taken.
Mission
To provide the utmost secure operating environment to Fedora and EPEL users by:
- working with packagers to patch and update packages,
- identifying and helping to improve secure development practices,
- answering software security questions from the community.
Contact
If you need help or assistance with any issue, please feel free to contact the FST members at
- IRC:
- #fedora-security[?] - Security Team IRC channel
- Mailing lists:
- security - Security Team mailing list
- Weekly meetings:
- Every Thursday at 15:00 UTC. -> Schedule and Agenda
Security Response
To report a vulnerability in software please follow the procedure outlined on the Security Bugs page.
To report a security concern within the Fedora Project please email security at fedoraproject dot org.
What we do
Fedora Security Team (FST) has several missions that try to overlap to make Fedora a more secure operating environment. The following tasks are related to the Fedora security team.
Vulnerability Patching Assistance
The main goal of this task is to make sure that known vulnerabilities are patched and shipped in a timely manner. By assisting package maintainers with patches it is hoped that vulnerability fixes can make to user systems before they become victim of an attack.
Security Response
Security Response is responding to new vulnerabilities in a timely manner. Fedora currently relies on the services of Red Hat Product Security to process, work with upstream, and work with packagers to address security vulnerabilities.
Secure Coding
Keeping vulnerabilities from being written in the first place should be the goal of any good security team and this team is no different. We strive to create documentation that explains how to avoid common pitfalls in software development and attempt to answer any questions that come our way.
Code Auditing
Another service we'd like to offer in the future, code auditing will hopefully find vulnerabilities in code before a cracker can take advantage.
How to get involved
Joining the team
Joining the Fedora Security Team is an easy, three-step process:
- subscribe to the security mailing list,
- join us on the #fedora-security[?] IRC channel,
- take a look at the Security Team Tasks, and
- read the work flow.
Once you feel comfortable just jump in and start helping. If you have questions please ask on IRC or on the mailing list.
Also, please take a look at the proposed Security Team Apprenticeship program as this may help answer additional questions.
Pages in category "Security Team"
The following 8 pages are in this category, out of 8 total.