Public security scan tools (was: Security Working Group)

Joseph Reynolds jrey at
Fri May 1 06:28:44 AEST 2020

On 4/30/20 3:05 PM, Joseph Reynolds wrote:
> On 4/28/20 11:12 AM, Joseph Reynolds wrote:
>> This is a reminder of the OpenBMC Security Working Group meeting 
>> scheduled for this Wednesday April 29 at 10:00am PDT.
> Item 8 added during the meeting:
> 8. How do we run dynamic scan tools that are privately licensed and 
> the output of which is copyrighted which means it cannot be shared 
> with the OpenBMC community?
> We shared our current practices which do allow pushing the fixes 
> back into the project.  TODO: Joseph will document this practice and 
> add it to the security working group wiki.
> Then we discussed if we can use tools because we are a Linux Foundation 
> project.   TODO: Joseph to follow up with Kurt.
> - Joseph

Kurt (as OpenBMC Community Manager),

Does being a Linux Foundation Project help?  Can we get access to 
security scan tools that normally require a license to use?

Is there some way we can open up the process of dynamic scan testing to 
the community?  What are the best practices?

- Joseph
