Difference between revisions of "QosCosGrid Initial Security assessment"
Line 1: | Line 1: | ||
This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not. | This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not. | ||
The final security assessment of the QCG 2.6.1 is available [QCG-2.6.1_final_security_audit_results.pdf here]. | The final security assessment of the QCG 2.6.1 is available [[Media:QCG-2.6.1_final_security_audit_results.pdf|here]]. | ||
This has sparked the following questions: | |||
# A number of security flaws were found. I would be interested in: | |||
## Which specific vulnerabilities were found? | |||
Perhaps to a limited distribution list (initially, once QCG would be | ## Out of those, which ones were fixed? | ||
provisioned, then full disclosure would have to be provided within a | ## Which ones were not fixed in QCG2.6.1? | ||
well-defined distribution list) | # The report does not explicitly state whether there are remaining open vulnerabilities | ||
# Certain methodologies were employed with a specific set of tools. | |||
# Is it possible to provide details and results of specific tests? | |||
privileges while running? | ## Perhaps to a limited distribution list (initially, once QCG would be provisioned, then full disclosure would have to be provided within a well-defined distribution list) | ||
Perhaps these were implicitly covered by the actual tests done; perhaps | # Have there been dedicated tests around components that require root privileges while running? | ||
## Perhaps these were implicitly covered by the actual tests done; perhaps |
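Review bot: The last added item, "## Perhaps these were implicitly covered by the actual tests done; perhaps", stops mid-sentence, so the question about components running with root privileges has no finished follow-up; complete the clause or end the item at "done". Also, "# Is it possible to provide details and results of specific tests?" is added at the top level although it reads as a follow-up to "# Certain methodologies were employed with a specific set of tools."; making it a "##" sub-item (and the distribution-list line a "###") would match how the first question and its sub-questions are structured. The new revision mixes "QCG 2.6.1" and "QCG2.6.1"; pick one spelling.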
Revision as of 15:04, 1 June 2012
This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not.
The final security assessment of the QCG 2.6.1 is available here.
This has sparked the following questions:
- A number of security flaws were found. I would be interested in:
  - Which specific vulnerabilities were found?
  - Out of those, which ones were fixed?
  - Which ones were not fixed in QCG2.6.1?
- The report does not explicitly state whether there are remaining open vulnerabilities
- Certain methodologies were employed with a specific set of tools.
- Is it possible to provide details and results of specific tests?
  - Perhaps to a limited distribution list (initially, once QCG would be provisioned, then full disclosure would have to be provided within a well-defined distribution list)
- Have there been dedicated tests around components that require root privileges while running?
  - Perhaps these were implicitly covered by the actual tests done; perhaps