[Users] Is CM participating?
Ralf Mardorf
silver.bullet at zoho.com
Sat May 13 19:34:43 CEST 2017
On Sat, 13 May 2017 10:14:11 -0700, sylpheed at 911networks.com wrote:
>Hi,
>
>Google Found Over 1,000 Bugs In 47 Open Source Projects with the
>Google's OSS-Fuzz program and is offering cash to participate.
>
>https://it.slashdot.org/story/17/05/13/0113255/google-found-over-1000-bugs-in-47-open-source-projects
>
>Projects participating:
>
>Wireshark, LibreOffice, SQLite 3,...
Hi,
do you already care about at least CVE's yourself?
Some distros provide auditing tools, such as
https://www.archlinux.org/packages/community/x86_64/arch-audit/ ,
others at least provide a website, such as https://www.ubuntu.com/usn/
and even if a distro doesn't have a security team, there's still
https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures#External_links .
Regarding bugs in general we could use the distros', as well as the
upstream bugtrackers to report issues we are experiencing, e.g. for
Claws http://www.thewildbeast.co.uk/claws-mail/bugzilla/ .
If upstream of what ever software likes to participate, it's their
choice, however, I would like to see, that at least a few projects
don't become member of the big Google "family".
Regards,
Ralf
More information about the Users
mailing list