
QosCosGrid Initial Security assessment

From EGIWiki
Revision as of 15:04, 1 June 2012 by Michel

This wiki page documents the progress of the QCG initial security assessment, from first contact to conclusion on whether to proceed or not.

The final security assessment of QCG 2.6.1 is available here.

This has sparked the following questions:

  1. A number of security flaws were found. I would be interested in:
    1. Which specific vulnerabilities were found?
    2. Out of those, which ones were fixed?
    3. Which ones were not fixed in QCG 2.6.1?
  2. The report does not explicitly state whether there are remaining open vulnerabilities.
  3. Certain methodologies were employed with a specific set of tools.
  4. Is it possible to provide details and results of specific tests?
    1. Perhaps to a limited distribution list (initially, once QCG would be provisioned, then full disclosure would have to be provided within a well-defined distribution list)
  5. Have there been dedicated tests around components that require root privileges while running?
    1. Perhaps these were implicitly covered by the actual tests done; perhaps