summaryrefslogtreecommitdiff
path: root/open_issues/security.mdwn
blob: d8ffc04edc291ca9e2946770c9ab0138b934ece9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[[!meta copyright="Copyright © 2010, 2013 Free Software Foundation, Inc."]]

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
is included in the section entitled [[GNU Free Documentation
License|/fdl]]."]]"""]]

There are [[several aspects to security|/security]] that are (mainly) relevant
to the design space.

There are also security issues in the implemenation space, for example using
the correct coding paradigms.

Large parts of our code base have not beed audited, either manually or in an
automated fashion.

[[Unit testing]] is one aspect: testing for reliably failing for invalid input.

[[Code analysis]] is another aspect.

All publically usable interfaces provide attacking targets.  This includes all
[[system call]]s and [[RPC]] interfaces.

Fuzzing techniques can be use for locating possible issues; see discussion on
the [[code_analysis]] page.