OpenBMC community telecon - 11/20 Agenda

Stewart Smith stewart at linux.vnet.ibm.com
Tue Nov 21 11:27:33 AEDT 2017


"Tanous, Ed" <ed.tanous at intel.com> writes:
> Secure coding guidelines:
> What secure coding guidelines are other groups/individuals using?    I'd like to have an open discussion about how to move toward more secure coding guidelines with the minimum possible interruption while alienating the minimum number of people.  Some subtopics:
> 1. Can anything be enforced at the master branch?  
> 2. Can anything be enforced by policy?  (example: reference components must be secure)
> 3. Does anyone have experience with automating secure coding
> guidelines?

A minimal starting point would be to run every code repository through
Coverity Scan. Setting this up with travs-ci isn't too hard (we do it
for parts of host firmware today).

Efforts to limit the damage could also be good, like strict SELinux
policy. After all, much of the current design would work quite well for
that.

-- 
Stewart Smith
OPAL Architect, IBM.



More information about the openbmc mailing list