[GLLUG] RedHat spooked ?

Richard W.M. Jones rich at annexia.org
Thu Jul 3 22:10:21 UTC 2014


On Thu, Jul 03, 2014 at 07:57:29PM +0100, Christopher Hunter wrote:
> I'm led to believe that this has already been done, but by a couple
> of governments!

Lots of people with good and bad intentions are looking for security
holes in software.

Some things Red Hat do:

- Run Coverity (a proprietary static analysis tool) over the
  code in RHEL, fix the bugs, AND submit the fixes upstream
  so everyone benefits.

- Use SELinux as a second line of defence.  We employ 2 people full
  time just writing SELinux policies.

- Develop compiler hardening features upstream, and enable
  them in Fedora & RHEL.

- Pay a security team to deal with the inevitable security problems
  that will happen despite all of the above.
  [https://access.redhat.com/security/team/contact]

Most importantly, compared to proprietary and not-very-committed-to-
the-open-thing companies, all the code we publish is available as
source, upstream first, so you can download it and find out how it
works.

Rich.
