Upak Security

There is currently a scary number of vulnerability tracking systems, all doing pretty much the same work. A list of the most popular ones can be found on the CVE Reference Key page. One might expect better security from having so many projects, but the net result is that there is no comprehensive source of information. Aggregators like CVE, Secunia and SecurityFocus help track security issues, but none of them is complete, and it is not easy to find relevant information when you get five or more Secunia advisories for a bug in some widespread library, all of them about OS updates rather than the library in question.

Some operating systems, like FreeBSD, even have more than one vulnerability tracking facility. Some vendors provide commercial support for their products (e.g. Red Hat, SUSE) and have every reason to use their own proprietary security frameworks. And we should not forget that what constitutes a piece of third-party software for one OS can come bundled with another, which complicates the information an advisory should contain.

Upak aims at alleviating security tracking issues and seeks a way to make collaboration possible. To name a few possibilities:

Upak/Security (last edited 2012-02-27 07:07:54 by RoyceWilliams)