| 1 |
On Sunday, 17. February 2008, Eduardo Tongson wrote: |
| 2 |
> What specific kernel knowledge is needed to get a Kernel advisory up |
| 3 |
> and running ? |
| 4 |
|
| 5 |
Between becoming aware of a vulnerability in Linux and drafting an advisory |
| 6 |
for one or all kernel sources comes the part where you review which |
| 7 |
versions of which kernel sources are affected and unaffected. You also |
| 8 |
need to pay attention to specifics of the added patchsets, which might |
| 9 |
duplicate vulnerabilities. |
| 10 |
|
| 11 |
Parts of the job can indeed be done without Kernel and C knowledge, but |
| 12 |
some cannot. So if we draft a new kernel security *team*, people without C |
| 13 |
and kernel knowledge are helpful -- some others need to have it, though. |
| 14 |
|
| 15 |
Robert |
Archives