Slashdot Mirror


Does Open Source Need a Red Team?

garyebickford writes "IMHO the Open Source community (whatever that is) needs a Red Team project. This would be an open source project, but its output would be a process rather than a piece of software. If such a group exists, I'm not aware of it. This document and this page [from the Google cache] are from a commercial company (picked at random from a Google search) that provides similar services. The OS Red Team would provide 3rd party security testing, code review and evaluation for open source projects prior to release, providing a 'report card' stating what has been reviewed and tested, and recommending fixes. When a package is released, the Team's 'weather report' stating the probabilities that a package would survive different kinds of attack would be a valuable piece of information for prospective users." Do you think the Open Source Community would benefit from such an effort?

"The Team could also provide a set of recommended processes and tools for O.S. projects to follow prior to submission to the Red Team test queue. This by itself would be a valuable tool.

Such teams are sometimes used by companies to test the security of their networks and software. The O.S. community have done an excellent job so far, but as open source is used more and more by the mainstream computer users, vetting by a 3rd party would help make many organizations more likely to accept a piece of O.S. software.

The Team would, like any open source project, be comprised of both experts and newbies. The newbies would have the opportunity of doing real testing under the guidance of folks who know more, thereby becoming more expert themselves. The experts would provide a centralized open-source-oriented set of recommendations and specialized review as needed.

Either the Red Team or its members could also provide paid services for commercial software, and could participate with university CS departments in training students, providing the opportunity for valuable cross-training between schools. It might even be possible to arrange course credit for work on the Team.

Many Open Source projects could benefit from such a 3rd party group to recommend development procedures, code styles, and actual testing to teach and motivate better security practices in code design. The plain fact is that many (most?) of us developers are not completely 'up' on the issue of security - it's a very dynamic area of specialization. This initiative could be another resource that will be useful in establishing OS in the mainstream."

1 of 49 comments

  1. what's the deal with you homosexual fanatics?!?! by Anonymous Coward · · Score: -1, Troll
    I don't want to start a holy war here, but what is the deal with you homosexuals? I've been sitting here in this bathroom stall with a turd-burglar (a leather wearing pansy) sucking my dick for 20 minutes now. 20 minutes! At home, with my girlfriend, who by all standards should have less experience eating a meat popsicle, the same orgasm would take about 2 minutes. If that.

    In addition, during this oral sex attempt, he fingers my asshole. And everything else has ground to a halt. Even trying to fart fails.

    I won't bore you with the laundry list of other problems that I've encountered while dealing with other fairies, but suffice it to say there have been many, not the least of which is I've never seen a shemale that looks as good in a dress as its woman counterpart. My girlfriend on the rag has a more appealing vagina. This guy just has a cock that he probably wants sucked off. From a pleasure department, I don't know how people can claim that gay sex is superior.

    Slashdot editors and other pillow-biters, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to shove their cock up some guy's asshole than crease the sheets with a fine-looking lady.