[Security_sig] [MINUTES] Security SIG 1/19/06

[Mary Edie Meredith]

Minutes of the Security SIG call held Jan 19, 2006

Attendees:
Matt Anderson, HP
Emily Ratliff, IBM
Mary Meredith, OSDL
Dennis Wells, Unisys

We reviewed the current state of the DCL Security capabilities.  

Discussion centered around 
-a few errors (noted in the Key section),  
-the Trusted Computing entries, 
-the ease of use issues, where AppArmor (now that they open sourced 
the parts that use the LSM) has to be considered as an option and
has the ease of use characteristics we are looking for).
-discussion about valgrind as a runtime tool that looks for many of the
same bugs needed to search for common security issues.  

Since AppArmor now uses LSM, this has assured that the LSM will remain
in mainlines (previously it had only one user, making the work and the
performance hit to generalize the interface a waste). 

We talked about how we might conduct a survey to get direct feedback
about priorities from end-users.  The issue, as previously noted, is
finding the right people to fill out the survey.  Suggestion was to get
attendee list from a convention like the San Jose RSA conference in
early February, since that represents a good cross-section of various
trusted OSs.  

Since we have (for the most part) completed the CGL and DCL security
analysis, we discussed whether to continue the conference calls.  The
decision was to keep the calls on the calendar, but have the call only
if there is something to discuss. 



-- 
Mary Edie Meredith
Initiative Manager
Open Source Development Labs
maryedie at osdl.org
503-906-1942