Public security scan tools (was: Security Working Group)
Joseph Reynolds
jrey at linux.ibm.com
Fri May 1 06:28:44 AEST 2020
On 4/30/20 3:05 PM, Joseph Reynolds wrote:
> On 4/28/20 11:12 AM, Joseph Reynolds wrote:
>> This is a reminder of the OpenBMC Security Working Group meeting
>> scheduled for this Wednesday April 29 at 10:00am PDT.
>
...snip...
>>
> Item 8 added during the meeting:
> 8. How do we run dynamic scan tools that are privately licensed and
> the output of which is copyrighted which means it cannot be shared
> with the OpenBMC community?
> We shared our current practices, which do allow pushing the fixes
> back into the project. TODO: Joseph will document this practice and
> add it to the security working group wiki.
> Then we discussed if we can use tools because we are a Linux Foundation
> project. TODO: Joseph to follow up with Kurt.
>
> - Joseph
Kurt (as OpenBMC Community Manager),
Does being a Linux Foundation Project help? Can we get access to
security scan tools that normally require a license to use?
See
https://github.com/openbmc/openbmc/wiki/Security-working-group#using-dynamic-security-scan-tools
Is there some way we can open up the process of dynamic scan testing to
the community? What are the best practices?
- Joseph