[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] Coverity + XenProject + Process?
Just wanted to throw my hat in the ring as a willing volunteer, even though I recognize we have yet settle on a process for officially volunteering. To get it out of the way immediately: I am entirely content to forfeit any sort of 'discoverer' privileges. In this respect, I care much more about the integrity of Xen and its components than I do about some sort of temporary notoriety. Similarly, I will readily sign a non-disclosure agreement, should one be required. Despite being involved with Xen in some capacity for a long time, my full time work is purely in the security domain, employed by a large public university in its security office. In addition to incident response and risk/vulnerability assessment, code audits are a major aspect of my efforts, at the university and beyond. The requirements, philosophies, and general procedures of similar undertakings are part of my daily responsibilities. If I were to become involved with a Xen code audit process, I would be comfortable classifying issues by scope, severity, and relative risk, as well as proposing fixes as appropriate. From a development perspective, I am familiar with a variety of Xen components, including the low level toolstack and hypervisor itself. Most recently, I have been focused upon mem_access/mem_events and experimenting with using clang/LLVM at build time. Motivation for volunteering is simple: In my private work, I build software and infrastructure intended to inspect and ensure the sanctity of valuable systems, including tools for reverse engineering, and a framework for virtual machine memory analysis. To do so, I utilize very particular features of Xen and depend heavily upon its integrity as a matter of course. A variety static analysis tools, fuzzers, etc., are regularly used in dual pursuit of solid development and remediation of vulnerabilities and weaknesses. My needs therefore overlap strongly with those needs and expectations of the Xen community. On Mon, Sep 2, 2013 at 5:57 AM, Lars Kurth <lars.kurth.xen@xxxxxxxxx> wrote:
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |