From: Kees Cook <keescook@chromium.org>
To: "Theodore Ts'o" <tytso@mit.edu>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
Josh Boyer <jwboyer@fedoraproject.org>,
Jason Cooper <jason@lakedaemon.net>,
ksummit-discuss@lists.linuxfoundation.org
Subject: Re: [Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security
Date: Mon, 13 Jul 2015 16:15:03 -0700 [thread overview]
Message-ID: <CAGXu5jKTVka04AXdKJh48yHEy4nJm3MSK5wdaBiD9NpG+mBStg@mail.gmail.com> (raw)
In-Reply-To: <20150711163838.GA4441@thunk.org>
On Sat, Jul 11, 2015 at 9:38 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Sat, Jul 11, 2015 at 04:02:02PM +0000, Jason Cooper wrote:
>>
>> Could we have some sort of post-vuln/CVE conversation dissecting the
>> vulnerability and how it got there? Or, perhaps select a few for
>> process-dissection to be presented at the summit?
>
> Kees did a really good presentation entitled "security anti-patterns"
> a year or two ago at a kernel summit (the one at Edinburgh if I
> remember correctly?). Kees, do you think it would be worth updating
> and re-doing that presentation? And perhaps at a wider set of venues
> beyond just the kernel summit....
I can, yeah, but I sort of think stuff like that is really just
"reference material", and sometimes too specific. Reviewers (and
authors) need to think about high-level risks, not just mechanical
flaws. I would agree that beefing up reviewer roles could really help
this part of the problem, though.
-Kees
--
Kees Cook
Chrome OS Security
next prev parent reply other threads:[~2015-07-13 23:15 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-10 14:38 Jason Cooper
2015-07-10 15:50 ` Josh Boyer
2015-07-10 16:23 ` Theodore Ts'o
2015-07-10 19:45 ` Steven Rostedt
2015-07-10 20:34 ` Olof Johansson
2015-07-11 1:19 ` Jason Cooper
2015-07-10 22:08 ` Kees Cook
2015-07-11 1:48 ` Jason Cooper
2015-07-11 7:31 ` James Bottomley
2015-07-11 16:02 ` Jason Cooper
2015-07-11 16:38 ` Theodore Ts'o
2015-07-13 23:15 ` Kees Cook [this message]
2015-07-13 8:32 ` Jiri Kosina
2015-07-13 14:07 ` Konstantin Ryabitsev
2015-07-13 15:39 ` James Bottomley
2015-07-13 16:02 ` Mark Brown
2015-07-13 16:05 ` Konstantin Ryabitsev
2015-07-13 16:14 ` James Bottomley
2015-07-13 18:22 ` Theodore Ts'o
2015-07-13 16:46 ` Geert Uytterhoeven
2015-07-13 17:12 ` josh
2015-07-13 19:37 ` Jiri Kosina
2015-07-15 18:42 ` Steven Rostedt
2015-07-13 23:25 ` Kees Cook
2015-07-14 7:47 ` James Bottomley
2015-07-14 16:20 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jKTVka04AXdKJh48yHEy4nJm3MSK5wdaBiD9NpG+mBStg@mail.gmail.com \
--to=keescook@chromium.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=jason@lakedaemon.net \
--cc=jwboyer@fedoraproject.org \
--cc=ksummit-discuss@lists.linuxfoundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox