From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <keescook@google.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 9FE96B38
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Fri, 20 Jan 2017 22:38:48 +0000 (UTC)
Received: from mail-io0-f182.google.com (mail-io0-f182.google.com
	[209.85.223.182])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id BF807137
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Fri, 20 Jan 2017 22:38:44 +0000 (UTC)
Received: by mail-io0-f182.google.com with SMTP id j13so72308504iod.3
	for <ksummit-discuss@lists.linuxfoundation.org>;
	Fri, 20 Jan 2017 14:38:44 -0800 (PST)
MIME-Version: 1.0
Sender: keescook@google.com
From: Kees Cook <keescook@chromium.org>
Date: Fri, 20 Jan 2017 14:38:43 -0800
Message-ID: <CAGXu5j+nVMPk3TTxLr3_6Y=5vNM0=aD+13JM_Q5POts9M7kzuw@mail.gmail.com>
To: ksummit-discuss@lists.linuxfoundation.org
Content-Type: text/plain; charset=UTF-8
Cc: Josh Armour <jarmour@google.com>, Greg KH <gregkh@linuxfoundation.org>
Subject: [Ksummit-discuss] security-related TODO items?
List-Id: <ksummit-discuss.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/ksummit-discuss>,
	<mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/ksummit-discuss/>
List-Post: <mailto:ksummit-discuss@lists.linuxfoundation.org>
List-Help: <mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/ksummit-discuss>,
	<mailto:ksummit-discuss-request@lists.linuxfoundation.org?subject=subscribe>

Hi,

I've already got various Kernel Self-Protection Project TODO items
collected[1] (of varying size and complexity), but recently Google's
Patch Reward Program[2] is trying to expand by helping create a bounty
program for security-related TODOs. KSPP is just one corner of
interest in the kernel, and I'd love to know if any other maintainers
have TODO items that they'd like to see get done (and Google would
potentially provide bounty money for).

Let me know your security wish-lists, and I'll collect them all into a
single place. And if there is a better place than ksummit-discuss to
reach maintainers, I'm all ears. LKML tends to mostly just serve as a
public archive. :)

Thanks!

-Kees

[1] http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#Specific_TODO_Items
[2] https://www.google.com/about/appsecurity/patch-rewards/

-- 
Kees Cook
Nexus Security