Thank you for the link Al.
My personal interest is not for that. It's for working with vendors to
harden their services and applications, and seeing common trends.
On Fri, Apr 20, 2012 at 2:03 PM, Al Matthews <[log in to unmask]> wrote:
> On this issue, the following paper may be of interest. It contemplates an
> orderly trade in exploits:
>
> http://securityevaluators.com/files/papers/0daymarket.pdf .
>
> Thank you,
>
> Al Matthews, Software Dev,
> Atlanta University Center
> ________________________________________
> From: Code for Libraries [[log in to unmask]] On Behalf Of Peter
> Murray [[log in to unmask]]
> Sent: Friday, April 20, 2012 1:47 PM
> To: [log in to unmask]
> Subject: Re: [CODE4LIB] SEC4LIB or "Hack, Crack, and Frakk" breakout
> sessions
>
> I remember the related discussion from last month (
> http://serials.infomotions.com/code4lib/archive/2012/201203/thread.html#777)
> -- and kudos for bringing it up again -- and I find I'm still of mixed
> feelings about it. Security is an important aspect of software
> development, no argument, but I wonder if there is something separate or
> distinct for libraries about the topic. What I do wonder about, though, is
> if there is a role for a generic-to-libraries security incident response
> team that would responsibly take in reports of security problems, work with
> vendors and/or software developers, and publish outcomes. I could see a
> need for such a team that was respected in our field and had contacts with
> people from the vendor community and FOSS projects.
>
>
> Peter
>
> On Apr 20, 2012, at 12:35 PM, Erin Germ wrote:
> > At IUG I talked to a few people about security of library services and
> > applications. Becky had mentioned doing a breakout session to discuss
> > security at the next IUG or conference.
> >
> > Would anyone be interested in helping plan a breakout session and
> > discussing security of library services and application? A recent
> > presentation lead me to believe it would also be of great value to have a
> > set of good practices that are very accessible to those who do not have a
> > security, or even IT, background.
> >
> > Or would anyone be interested in forming an informal SEC4LIB discussion
> > group. This would be an informal group to discuss existing security
> > features and shortcomings of library services and applications. Ideally
> > this would include a blend of high and low level skills and knowledge.
> >
> > I am personally interested in documenting known and patched
> vulnerabilities
> > of current and past library software and services.
>
>
>
> --
> Peter Murray
> Assistant Director, Technology Services Development
> LYRASIS
> [log in to unmask]
> +1 678-235-2955
>
> 1438 West Peachtree Street NW
> Suite 200
> Atlanta, GA 30309
> Toll Free: 800.999.8558
> Fax: 404.892.7879
> www.lyrasis.org
>
> LYRASIS: Great Libraries. Strong Communities. Innovative Answers.
> -----------------------------------------
>
> **************************************************************************************************
> The contents of this email and any attachments are confidential.
> They are intended for the named recipient(s) only.
> If you have received this email in error please notify the system
> manager or the
> sender immediately and do not disclose the contents to anyone or
> make copies.
>
> ** IronMail scanned this email for viruses, vandals and malicious
> content. **
>
> **************************************************************************************************
>
|