path: root/open_issues/security.mdwn
diff options
Diffstat (limited to 'open_issues/security.mdwn')
1 files changed, 28 insertions, 0 deletions
diff --git a/open_issues/security.mdwn b/open_issues/security.mdwn
new file mode 100644
index 00000000..d8ffc04e
--- /dev/null
+++ b/open_issues/security.mdwn
@@ -0,0 +1,28 @@
+[[!meta copyright="Copyright © 2010, 2013 Free Software Foundation, Inc."]]
+[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
+id="license" text="Permission is granted to copy, distribute and/or modify this
+document under the terms of the GNU Free Documentation License, Version 1.2 or
+any later version published by the Free Software Foundation; with no Invariant
+Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license
+is included in the section entitled [[GNU Free Documentation
+There are [[several aspects to security|/security]] that are (mainly) relevant
+to the design space.
+There are also security issues in the implemenation space, for example using
+the correct coding paradigms.
+Large parts of our code base have not beed audited, either manually or in an
+automated fashion.
+[[Unit testing]] is one aspect: testing for reliably failing for invalid input.
+[[Code analysis]] is another aspect.
+All publically usable interfaces provide attacking targets. This includes all
+[[system call]]s and [[RPC]] interfaces.
+Fuzzing techniques can be use for locating possible issues; see discussion on
+the [[code_analysis]] page.