Who Watches Over Coverity?

Richard Irving rirving at antient.org
Mon Aug 14 13:44:56 UTC 2006

Benjy Grogan wrote:

> Hello:
> Is Red Hat worried about Coverity or other such bug/security hole
> searching private ventures?  

I doubt it; that which doesn't kill you makes you stronger.

> There are probably 1000s of critical
> security holes in any given Linux distro and the only problem is that
> there doesn't exist sophisticated enough tools yet to discover them.

   An infinite number of monkeys typing on a typewriter eventually
reproduce the works of Shakespeare... and the Internet provides
online distros with an infinite number of monkeys.

But instead of Shakespeare, they find the vulnerabilities.
Hence the term "case" hardened.  ;-)

> Companies like Coverity are attempting to develop them, and for what
> seems like the greater good of Linux distros.

    Oh, the "greater good", I *hate* that expression, it always seems to
herald someone taking away something from me: money, guns, civil rights...

Who is John Galt, eh?   :-P

>   Nevertheless, with Red
> Hat having invested so much into SELinux is there also considerable
> thought put into developing a Coverity-like project to get to those
> lingering security threats first?

   Actually, the nature of SELinux is to isolate, or "contain" just
such unforeseen, but inevitable, vulnerabilities, in the first place.

Thus the "raison d'être" of a "container"/"flask" model.

But, I am not speaking for RH... just guessing what their attitude
might be. Of course, Carnac the magnificent, I am not.

> Benjy
