Re: Support Grsecurity/PaX
Kevin P. Fleming (BLOOMBERG/ 731 LEX)
(sorry for top-posting, our message system doesn't believe anything else is possible) The funding for the fuzzing project is intentionally short-to-medium-term, with two goals: helping to learn the 'state of the world' (which will feed into the census, and future support/funding decisions), and producing better and easier-to-apply fuzzing tools so that project teams can run them on their own software to identify flaws as early as possible. It's definitely not a long-term 'fuzz test the world' project. The funding for Frama-C is for further development of the tool (and related tools), not funding to do static analysis of large bodies of open source software. As a result, neither of these are suitable comparisons to the request for funding of grsecurity/PaX. Such a request would be more comparable to funding OpenSSL, ntpd, etc. Those are also not open-ended funding commitments, but are based on achieving improvements (in some cases, milestones) to continue funding. It's certainly possible that the SC would consider a funding proposal for grsecurity/PaX, but such a proposal would need to include reasonably well defined goals/milestones, and there's no question that the committee discussion would include the topic of the in-tree/out-of-tree status of these tools.
From: pageexec@... At: Aug 19 2015 17:56:13 To: Jason@..., dankohn@... Cc: cii-census@..., cii-discuss@..., spender@... Subject: Re: [cii-census] Support Grsecurity/PaX On 19 Aug 2015 at 13:37, Dan Kohn wrote:
|
|