[GLLUG] RedHat spooked?
Richard W.M. Jones
rich at annexia.org
Thu Jul 3 22:10:21 UTC 2014
On Thu, Jul 03, 2014 at 07:57:29PM +0100, Christopher Hunter wrote:
> I'm led to believe that this has already been done, but by a couple
> of governments!
Lots of people with good and bad intentions are looking for security
holes in software.
Some things Red Hat do:
- Run Coverity (a proprietary static analysis tool) over the
code in RHEL, fix the bugs, AND submit the fixes upstream
so everyone benefits.
- Use SELinux as a second line of defence. We employ 2 people full
time just writing SELinux policies.
- Develop compiler hardening features upstream, and enable
them in Fedora & RHEL.
- Pay a security team to deal with the inevitable security problems
that will happen despite all of the above.
[https://access.redhat.com/security/team/contact]
Most importantly, compared to proprietary and not-very-committed-to-the-open-thing
companies, all the code we publish is available as source, upstream first,
so you can download it and find out how it works.
Rich.