From: | Anthony Liguori |
Subject: | [Qemu-devel] [RFC] QEMU Code Audit Team |
Date: | Fri, 06 Jan 2012 09:19:45 -0600 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110922 Lightning/1.0b2 Thunderbird/3.1.15 |
Hi,
I had an idea I wanted to share and see what level of interest there was in participating and if anyone knows of a process that other projects follow for this.
I'd like to start a more formal and transparent security audit of QEMU. The way I'd imagine it working is something like this:
1) People volunteer to be part of the audit team
2) Two people walk through a particular piece of code and independently flag anything that looks like a potential security issue.
3) Two people independently review everything that's flagged to see if there's a security issue.
Step (3) is something that requires a fairly deep understanding of QEMU but step (2) is probably something that a lot of people could participate in.
I'd want to focus initially on the common PC devices. The list isn't all that large and a review like this should only take a few hours to complete each step.
Would folks be interested in participating in something like this? If so, I can start organizing it.
Regards,
Anthony Liguori