1 |
On Fri, Aug 26, 2011 at 2:57 PM, Alex Legler <a3li@g.o> wrote: |
2 |
|
3 |
> On Friday 26 August 2011 14:18:20 Daniel A. Avelino wrote: |
4 |
> > Alex. |
5 |
> > |
6 |
> > May be a call for volunteers more "intense" could improve the manpower. |
7 |
> This |
8 |
> > could be a more |
9 |
> > easy start point to address, no?. |
10 |
> |
11 |
> Well, the staffing needs page IS the point for making such calls. It's not |
12 |
> that we haven't had people contacting us about helping, it's that they |
13 |
> usually |
14 |
> disappear shortly after that again after they've seen the tasks at hand. |
15 |
> |
16 |
> I know how it works! |
17 |
|
18 |
|
19 |
> > I work too in some [smaller] security processes and can figure out what |
20 |
> kind |
21 |
> > of work are you talking about. |
22 |
> > |
23 |
> > As Kauhaus pointed, may be somethings should be automated but again, this |
24 |
> is |
25 |
> > a hard job to |
26 |
> > implement and to keep results trustable. |
27 |
> > |
28 |
> |
29 |
> Automation is a key thing I've been introducing in the new tools and |
30 |
> processes |
31 |
> for sending advisories. |
32 |
> I'd rather not focus on a temporary automated system however, knowing that |
33 |
> we're about to get back to the/near the status quo. |
34 |
> |
35 |
> When I think about automation, I had in mind something that could help |
36 |
developers to find |
37 |
vulnerabilities in a more fast way [searching and confronting CVE, for |
38 |
example] and start a |
39 |
"call for solution" process. I work with solutions of this type for WEB |
40 |
vulnerabilities discover |
41 |
and some tools are very interesting to reduce the correction time. |
42 |
|
43 |
By the way, I will start to read about what a Padawan should know instead of |
44 |
|
45 |
make speculations prematurelly. :D |
46 |
|
47 |
Thank you very much for the explanations. |
48 |
|
49 |
Daniel A. Avelino |