<p dir="ltr">Well I'm happy to propose some sort of BOF on this at OSDC in November. We definitely need some more (security) eyes on these "less sexy" open source projects. We all use them every day without a second thought on who is maintaining them.</p>
<p dir="ltr">Are there any specific neglected core projects people know about that need some love .... maybe organising some sort of hackathon/testathon around one of these could be a positive thing we could do???</p>
<p dir="ltr">Steve</p>
<p dir="ltr">PS. If you haven't booked your ticket yet... Please come see us on the lovely Gold Coast this year, OSDC is now shaping up quite nicely (albeit a bit last minute!)</p>
<p dir="ltr"><a href="http://2014.osdc.com.au/registration">http://2014.osdc.com.au/registration</a></p>
<p dir="ltr">On Fri, Sep 26, 2014 at 7:11 AM, Ian &lt;<a href="mailto:ilox11@gmail.com">ilox11@gmail.com</a>&gt; wrote:<br>
> The journos are having a field day over the discovery of the vulnerabilities<br>
> in Bash, the vulnerability now called Shellshock. They talk of 500 million<br>
> affected sites. Any Apache server is easily taken over. Some are reporting that<br>
> the patches are not fully safe yet.<br>
> <a href="http://www.bbc.com/news/technology-29361794">http://www.bbc.com/news/technology-29361794</a><br>
> "The new bug has turned the spotlight, once again, onto the reliance the<br>
> technology industry has on products built and maintained by small teams<br>
> often made up of volunteers."<br>
> And even more fingers being pointed at the Open Source community,<br>
> "That such key parts of everyday technology are maintained in this way is a<br>
> cause for concern," said Tony Dyhouse from the UK's Trustworthy Security<br>
> Initiative.<br>
><br>
> "To achieve a more stable and secure technology environment in which<br>
> businesses and individuals can feel truly safe, we have to peel back the<br>
> layers, start at the bottom and work up," he said. "This is utterly<br>
> symptomatic of the historic neglect we have seen for the development of a<br>
> dependable and trustworthy baseline upon which to develop a software<br>
> infrastructure for the UK.<br>
> "Ultimately, this is a lifecycle problem. It's here because people are<br>
> making mistakes whilst writing code and making further mistakes when<br>
> patching the original problems."<br>
><br>
> What is the real story? How vulnerable are our servers? Will the patches<br>
> resolve the problem?<br>
><br>
> Should there be a focus within the Linux world to track down all the little<br>
> bits that make up the foundation of the software and make sure they are<br>
> being maintained and secure and above all trusted? Perhaps LA or the next<br>
> LCA could/should pick this up as a theme and be a leader in the open source<br>
> world?<br>
><br>
> --<br>
> -- Ian<br>
><br>
><br>
> _______________________________________________<br>
> linux-aus mailing list<br>
> <a href="mailto:linux-aus@lists.linux.org.au">linux-aus@lists.linux.org.au</a><br>
> <a href="http://lists.linux.org.au/listinfo/linux-aus">http://lists.linux.org.au/listinfo/linux-aus</a><br>
></p>
<p dir="ltr">--<br>
Refactor. Engage | Succeed | Repeat<br>
tel: +61 (0)7 5668 3424<br>
mob: +61 (0)414 464564<br>
web: <a href="http://refactor.com.au">refactor.com.au</a></p>