This is the paper for a Debconf6 roundtable named State of the art for Debian i18n/l10n. It was written by Christian Perrier and Javier Fernández-Sanguino.
Here you will find:
If you can review the paper, please use the Docbook-XML sources to send patches to the authors (the document contains their contact information).
Paper for the Debconf6 Technical Workshop on Security.
The paper is available:
If you want to check out the data sets I used for this paper, look for them here. This does not include the vulnerability database I used; if you want to take a look at it (or at the scripts used to introduce data into it), send me an e-mail. Finally, if you want to check out the examples used in the workshop, just go to the samples directory.
This was my proposal, which might serve as an introduction to the paper itself:
Security bugs are routinely found in software that is shipped with the Debian OS. These bugs range from obscure bugs nobody thought about to common and recurring mistakes that open up our users' systems to attack. The workshop will focus on how Debian developers can detect and fix these bugs themselves, showing the tools used and developed by the Security Audit Team. It will also offer some insights on how to introduce security engineering into software development to avoid bugs by following well-known practices such as minimum privileges, safe default configurations, failing safe, input validation, etc. If all Debian developers applied these principles, the Debian OS would have fewer security bugs, which would reduce the workload of the security team. Likewise, if Debian developers were able to spot troublesome software that requires careful review before uploading it to the distribution, we would keep a lot of immature, security-bug-ridden software out of the distribution. The workshop's end goal is to empower developers, drawing on past experience, as a way to improve security in the Debian OS.