Red Hat wants the Linux community more secure

Linux News Today features the latest news from the global Linux community. This site is updated daily. Click here to return to our homepage.

Get the lowest cost and the best tech support on any Linux web hosting plan. Click here for details.

home | news archives | linux forum | advertise on our site | contact

Plans begin at $24.95 a month. Get more details, click here.

Red Hat wants the Linux community more secure

May 28, 2008

Yesterday, Red Hat has created a new initiative called The Open Source Software Security community (OSS-Security for short). The new project is a mailing list–based approach, in which Linux security issues can be discussed openly and freely.

Red Hat's work comes on the heels of Google, Novell and others supporting an open source CERT (Computer Emergency Response Team) effort, called o-Cert. Though Red Hat is supportive of o-CERT, it's not an official member, least not yet.

Overall, Red Hat participates in numerous security efforts, including the vital vendor-sec group, in which security vulnerabilities are regularly reported. OSS-security fulfills a different role than vendor-sec.

Josh Bressers, senior engineer for Red Hat's security response team said "OSS-security is not affiliated with o-CERT in any way, nor is it meant to compete with them. Instead, o-CERT specializes in the handling of sensitive and "embargoed" security issues."

He added "the target of OSS-security is not handling sensitive issues but rather the open discussion of public issues and daily challenges in the Linux community."

Red Hat's new initiative is meant to act as a public community effort with respect to handling many variances of open source security issues.

"We link to OSS-security from o-CERT.org, and one of the people that started OSS-security is on the o-CERT board," said Andrea Barisani, o-CERT's founder. "We are complementary and far from being competitive, and in the open source security world all the help we can get is always welcome."

On the other hand, the OSS-security group is meant to act as a public community effort with respect to handling open source security issues. "The purpose of vendor-sec is to be a closed private group," Bressers noted.

He added "the very nature of vendor-sec makes it ideal for handling embargoed sensitive security issues, but certainly doesn't address the issue of public discussion," he said, explaining that "Public discussion is the very heart of the ideals of open source and Linux."

Red Hat isn't the only member of OSS-security. Mandriva, Foresight Linux and Openwall are also active participants. Bressers was also quick to point out that neither Red Hat nor the OSS-security group is soliciting open source projects to participate in this effort.

"The common goal of this group is to fill the current vacuum for discussing and handling the unique challenges the Linux and open source community must focus on when handling security issues," Bressers said.

"Regardless of their affiliation, anyone is welcome to participate in this new initiative," Bressers said. "Rather than explicitly solicit participation from other projects, we are confident that by building a strong community, it will broaden participation."

Source: Red Hat.

Add to del.icio.us Digg this

Article featured on Tech Blog and on Business 5.0

This article was featured on Tech Blog and Business 5.0.

ADVERTISERS:
Linux News Today.org is read by over 450,000 people involved in the field of Linux application development, professional Web hosting services, Linux security, Linux Web development, etc. Inquire about our reasonable advertising rates on our news website. One of our advertising representatives will be in touch with you. Simply email us to learn about our ad rates and how we can help drive relevant traffic to your website. Advertising space is limited.

home | news archives | join our forum | advertise on our site | contact

Site powered by Linux Hosting Sponsored by Sure Mail™ and by Domain Appraisers