Difference between revisions of "QosCosGrid Initial Security assessment"

From EGIWiki
(Created page with "This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not. The final security assessment of the...")
 
Line 1: Line 1:
This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not.
This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not.


The final security assessment of the QCG 2.6.1 is available here.
The final security assessment of the QCG 2.6.1 is available [QCG-2.6.1_final_security_audit_results.pdf here].


1) A number of security flaws were found. I would be interested in:
1) A number of security flaws were found. I would be interested in:
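Review bot: The link added on the "final security assessment" line uses single-bracket external-link syntax with a bare file name and no URL scheme, `[QCG-2.6.1_final_security_audit_results.pdf here]`, so MediaWiki leaves it as literal text instead of a link; the revision text on this page shows the brackets verbatim. If the PDF is uploaded to the wiki, link it as `[[Media:QCG-2.6.1_final_security_audit_results.pdf|here]]`, or put the full URL inside the single brackets.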

Revision as of 15:00, 1 June 2012

This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not.

The final security assessment of the QCG 2.6.1 is available [QCG-2.6.1_final_security_audit_results.pdf here].

1) A number of security flaws were found. I would be interested in:
- Which specific vulnerabilities were found?
- Out of those, which ones were fixed?
- Which ones were not fixed in QCG2.6.1? The report does not explicitly state whether there are remaining open vulnerabilities.

2) Certain methodologies were employed with a specific set of tools.
- Is it possible to provide details and results of specific tests? Perhaps to a limited distribution list (initially, once QCG would be provisioned, then full disclosure would have to be provided within a well-defined distribution list).

3) Have there been dedicated tests around components that require root privileges while running? Perhaps these were implicitly covered by the actual tests done; perhaps Mingchao can chime in here.