---

KernelTrap: Reporting Kernel Security Issues

“A lengthy and interesting thread was started on the lkml by
Chris Wright looking to define a centralized place to report
security issues in the Linux Kernel. Chris offered his services in
getting things set up, addressing his email to Linus Torvalds,
Andrew Morton, Alan Cox and Marcelo Tosatti. He explained that he
wanted to centralize the information ‘to help track it, make sure
things don’t fall through the cracks, and make sure of timely fix
and disclosure.’ The resulting discussion was joined by numerous
members of the kernel hacking community, exposing a wide range of
opinions.

“Linus agreed that it sounded like a good idea, but qualified
this by adding, ‘the _only_ requirement that I have is that there
be no stupid embargo on the list. Any list with a time limit
(vendor-sec) I will not have anything to do with…'”

Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis