On Fri, Jan 6, 2012 at 11:19 PM, Anthony Liguori <aligu...@us.ibm.com> wrote: > Hi, > > I had an idea I wanted to share and see what level of interest there was in > participating and if anyone knows of a process that other projects follow > for this. > > I'd like to start a more formal and transparent security audit of QEMU. The > way I'd imagine it working is something like this: > > 1) People volunteer to be part of the audit team > > 2) Two people walk through a particular piece of code and independently flag > anything that looks like a potential security issue. > > 3) Two people independently review everything that's flagged to see if > there's a security issue. > > Step (3) is something that requires a fairly deep understanding of QEMU but > step (2) is probably something that a lot of people could participate in. > > I'd want to focus initially on the common PC devices. The list isn't all > that large and a review like this should only take a few hours to complete > each step. > > Would folks be interested in participating in something like this? If so, I > can start organizing it. If could, i would like to be one volunteer.
> > Regards, > > Anthony Liguori > > -- Regards, Zhi Yong Wu