224 lines
4.0 KiB
HTML
224 lines
4.0 KiB
HTML
|
<HTML
|
||
|
><HEAD
|
||
|
><TITLE
|
||
|
>Other Sources of Security Information</TITLE
|
||
|
><META
|
||
|
NAME="GENERATOR"
|
||
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
||
|
REL="HOME"
|
||
|
TITLE="Secure Programming for Linux and Unix HOWTO"
|
||
|
HREF="index.html"><LINK
|
||
|
REL="UP"
|
||
|
TITLE="Background"
|
||
|
HREF="background.html"><LINK
|
||
|
REL="PREVIOUS"
|
||
|
TITLE="Sources of Design and Implementation Guidelines"
|
||
|
HREF="sources-of-guidelines.html"><LINK
|
||
|
REL="NEXT"
|
||
|
TITLE="Document Conventions"
|
||
|
HREF="conventions.html"></HEAD
|
||
|
><BODY
|
||
|
CLASS="SECT1"
|
||
|
BGCOLOR="#FFFFFF"
|
||
|
TEXT="#000000"
|
||
|
LINK="#0000FF"
|
||
|
VLINK="#840084"
|
||
|
ALINK="#0000FF"
|
||
|
><DIV
|
||
|
CLASS="NAVHEADER"
|
||
|
><TABLE
|
||
|
SUMMARY="Header navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TH
|
||
|
COLSPAN="3"
|
||
|
ALIGN="center"
|
||
|
>Secure Programming for Linux and Unix HOWTO</TH
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="sources-of-guidelines.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="80%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="bottom"
|
||
|
>Chapter 2. Background</TD
|
||
|
><TD
|
||
|
WIDTH="10%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="bottom"
|
||
|
><A
|
||
|
HREF="conventions.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"></DIV
|
||
|
><DIV
|
||
|
CLASS="SECT1"
|
||
|
><H1
|
||
|
CLASS="SECT1"
|
||
|
><A
|
||
|
NAME="OTHER-SOURCES"
|
||
|
></A
|
||
|
>2.9. Other Sources of Security Information</H1
|
||
|
><P
|
||
|
>There are a vast number of web sites and mailing lists dedicated to
|
||
|
security issues.
|
||
|
Here are some other sources of security information:
|
||
|
<P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
><A
|
||
|
HREF="http://www.securityfocus.com"
|
||
|
TARGET="_top"
|
||
|
>Securityfocus.com</A
|
||
|
>
|
||
|
has a wealth of general security-related news and information, and hosts
|
||
|
a number of security-related mailing lists.
|
||
|
See their website for information on how to subscribe and view their archives.
|
||
|
A few of the most relevant mailing lists on SecurityFocus are:
|
||
|
<P
|
||
|
></P
|
||
|
><UL
|
||
|
><LI
|
||
|
><P
|
||
|
>The ``Bugtraq'' mailing list is, as noted above,
|
||
|
a ``full disclosure moderated mailing list for the detailed discussion and
|
||
|
announcement of computer security vulnerabilities:
|
||
|
what they are, how to exploit them, and how to fix them.''</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
>The ``secprog'' mailing list is
|
||
|
a moderated mailing list for the discussion of secure software
|
||
|
development methodologies and techniques.
|
||
|
I specifically monitor this list, and I coordinate with its moderator
|
||
|
to ensure that resolutions reached in SECPROG (if I agree with them)
|
||
|
are incorporated into this document.</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
>The ``vuln-dev'' mailing list discusses potential or undeveloped holes.</P
|
||
|
></LI
|
||
|
></UL
|
||
|
></P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
>IBM's ``developerWorks: Security'' has a library of interesting articles.
|
||
|
You can learn more from
|
||
|
<A
|
||
|
HREF="http://www.ibm.com/developer/security"
|
||
|
TARGET="_top"
|
||
|
>http://www.ibm.com/developer/security</A
|
||
|
>.</P
|
||
|
></LI
|
||
|
><LI
|
||
|
><P
|
||
|
>For Linux-specific security information, a good source is
|
||
|
<A
|
||
|
HREF="http://www.linuxsecurity.com"
|
||
|
TARGET="_top"
|
||
|
>LinuxSecurity.com</A
|
||
|
>.
|
||
|
If you're interested in auditing Linux code, places to see include
|
||
|
the <A
|
||
|
HREF="http://www.linuxhelp.org/lsap.shtml"
|
||
|
TARGET="_top"
|
||
|
>Linux
|
||
|
Security-Audit Project FAQ</A
|
||
|
>
|
||
|
and <A
|
||
|
HREF="http://www.lkap.org"
|
||
|
TARGET="_top"
|
||
|
>Linux Kernel Auditing Project</A
|
||
|
>
|
||
|
are dedicated to auditing Linux code for security issues.</P
|
||
|
></LI
|
||
|
></UL
|
||
|
>
|
||
|
Of course, if you're securing specific systems, you should sign up to
|
||
|
their security mailing lists (e.g., Microsoft's, Red Hat's, etc.)
|
||
|
so you can be warned of any security updates.</P
|
||
|
></DIV
|
||
|
><DIV
|
||
|
CLASS="NAVFOOTER"
|
||
|
><HR
|
||
|
ALIGN="LEFT"
|
||
|
WIDTH="100%"><TABLE
|
||
|
SUMMARY="Footer navigation table"
|
||
|
WIDTH="100%"
|
||
|
BORDER="0"
|
||
|
CELLPADDING="0"
|
||
|
CELLSPACING="0"
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="sources-of-guidelines.html"
|
||
|
ACCESSKEY="P"
|
||
|
>Prev</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="index.html"
|
||
|
ACCESSKEY="H"
|
||
|
>Home</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="conventions.html"
|
||
|
ACCESSKEY="N"
|
||
|
>Next</A
|
||
|
></TD
|
||
|
></TR
|
||
|
><TR
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="left"
|
||
|
VALIGN="top"
|
||
|
>Sources of Design and Implementation Guidelines</TD
|
||
|
><TD
|
||
|
WIDTH="34%"
|
||
|
ALIGN="center"
|
||
|
VALIGN="top"
|
||
|
><A
|
||
|
HREF="background.html"
|
||
|
ACCESSKEY="U"
|
||
|
>Up</A
|
||
|
></TD
|
||
|
><TD
|
||
|
WIDTH="33%"
|
||
|
ALIGN="right"
|
||
|
VALIGN="top"
|
||
|
>Document Conventions</TD
|
||
|
></TR
|
||
|
></TABLE
|
||
|
></DIV
|
||
|
></BODY
|
||
|
></HTML
|
||
|
>
|