Re: [Qemu-devel] [RFC] QEMU Code Audit Team

[Zhi Yong Wu]

On Fri, Jan 6, 2012 at 11:19 PM, Anthony Liguori <address@hidden> wrote:
> Hi,
>
> I had an idea I wanted to share and see what level of interest there was in
> participating and if anyone knows of a process that other projects follow
> for this.
>
> I'd like to start a more formal and transparent security audit of QEMU.  The
> way I'd imagine it working is something like this:
>
> 1) People volunteer to be part of the audit team
>
> 2) Two people walk through a particular piece of code and independently flag
> anything that looks like a potential security issue.
>
> 3) Two people independently review everything that's flagged to see if
> there's a security issue.
>
> Step (3) is something that requires a fairly deep understanding of QEMU but
> step (2) is probably something that a lot of people could participate in.
>
> I'd want to focus initially on the common PC devices.   The list isn't all
> that large and a review like this should only take a few hours to complete
> each step.
>
> Would folks be interested in participating in something like this?  If so, I
> can start organizing it.
If could, i would like to be one volunteer.

>
> Regards,
>
> Anthony Liguori
>
>



-- 
Regards,

Zhi Yong Wu