View Full Version : How Security Testing is Done in Linux


abhijitsarangi
13th December 2010, 08:53 AM
Hi all,

Here I have a very generic question, but the answers are going to help me a great deal in my work.

I wanted to know: before releasing a patch/update in Fedora, what steps are followed to assure that the patch/update is risk free or has no vulnerabilities? To be specific, how is the security testing done? For example, what steps are followed, and are there any specific tools that are used?

I guess experts can help me a lot in this. Please let me know if there are any constraints in sharing this. I wanted to assure that the patches are risk free before using them in actual production.

Thanks a lot in advance.

bodhi.zazen
14th December 2010, 11:35 PM
Interesting question, how does one really "test security"? One can code with security in mind, and one can even test the code to some extent, but there is no way to predict what will happen to the code once it is released.

I suggest you look at:

http://fedoraproject.org/wiki/Security/Status

http://fedoraproject.org/wiki/Security

https://www.redhat.com/mailman/listinfo/fedora-security-list

assen
16th December 2010, 08:56 PM

Hi,

You might find this book helpful:

http://www.isecom.org/osstmm/

Well,

AndrewSerk
17th December 2010, 04:35 AM
Some other good reading or useful sites:

https://buildsecurityin.us-cert.gov/bsi/home.html
http://oval.mitre.org/
http://cve.mitre.org/about/
http://scap.nist.gov/
http://nvd.nist.gov/home.cfm