1 |
On Sunday, 17. February 2008, Eduardo Tongson wrote: |
2 |
> What specific kernel knowledge is needed to get a Kernel advisory up |
3 |
> and running ? |
4 |
|
5 |
Between becoming aware of a vulnerability in Linux and drafting an advisory |
6 |
for one or all kernel sources comes the part where you review which |
7 |
versions of which kernel sources are affected and unaffected. You also |
8 |
need to pay attention to specifics of the added patchsets, which might |
9 |
duplicate vulnerabilities. |
10 |
|
11 |
Parts of the job can indeed be done without Kernel and C knowledge, but |
12 |
some cannot. So if we draft a new kernel security *team*, people without C |
13 |
and kernel knowledge are helpful -- some others need to have it, though. |
14 |
|
15 |
Robert |