Hi,
I had an idea I wanted to share and see what level of interest there was in
participating and if anyone knows of a process that other projects follow for this.
I'd like to start a more formal and transparent security audit of QEMU. The way
I'd imagine it working is something like this:
1) People volunteer to be part of the audit team
2) Two people walk through a particular piece of code and independently flag
anything that looks like a potential security issue.
3) Two people independently review everything that's flagged to see if there's a
security issue.
Step (3) is something that requires a fairly deep understanding of QEMU but step
(2) is probably something that a lot of people could participate in.
I'd want to focus initially on the common PC devices. The list isn't all that
large and a review like this should only take a few hours to complete each step.
Would folks be interested in participating in something like this? If so, I can
start organizing it.
Regards,
Anthony Liguori
