On 01/06/2012 10:19 AM, Anthony Liguori wrote:
> Hi,
>
> I had an idea I wanted to share and see what level of interest there was in participating and if anyone knows of a process that other projects follow for this.
>
> I'd like to start a more formal and transparent security audit of QEMU. The way I'd imagine it working is something like this:
>
> 1) People volunteer to be part of the audit team
>
> 2) Two people walk through a particular piece of code and independently flag anything that looks like a potential security issue.
>
> 3) Two people independently review everything that's flagged to see if there's a security issue.
>
> Step (3) is something that requires a fairly deep understanding of QEMU but step (2) is probably something that a lot of people could participate in.
>
> I'd want to focus initially on the common PC devices. The list isn't all that large and a review like this should only take a few hours to complete each step.
>
> Would folks be interested in participating in something like this? If so, I can start organizing it.
>
> Regards,
>
> Anthony Liguori
Count me in for step 2. A good approach may be to run a static analysis tool against the code, followed by a manual scan of the code for common vulnerabilities that static analysis can't find.
--
Regards,
Corey