Student Projects:Most Secure Platform

From CSEP590TU
Revision as of 00:09, 7 November 2004 by Tolba (Team brainstorming result)

In Search of the Most Secure Platform

This group was initially started by El-Gammal and Tolba seeking other colleagues with similar project interests. Close proximity to the Seattle area is desired for easier meetings and collaboration.

Member List

Tolba
El-Gammal
Lin Huang
Eric Vandenberg
Man Xiong
Winfred Wong


Project Goals

At the heart of the claim that open source software is inherently more secure than commercial software is the maxim Eric Raymond popularized as Linus's Law: "Given enough eyeballs, all bugs are shallow." This project will take a closer look at the data to support or disprove that line of reasoning. We will also investigate the effects of having the source code available to both attacker and defender, in open source and commercial software alike, and examine the claim made by commercial software vendors that open source software suffers from a lack of accountability in dealing with security vulnerabilities. Finally, we will investigate how software security has affected the procurement decision-making process in large corporations and government agencies.

Brainstorming ideas

In attendance: Ahmed Tolba; Mohammed L El-Gammal; Eric Vandenberg; Man Xiong; Lin Huang

I think we have another member (Winfred ??). If anyone knows his email, please resend, including him…

Here is the outline of the document:

Title: In Search Of The Most Secure Platform

  • Introduction
    • OS vs IP background
  • Bug Trends and Security statistics (Interview/Sources from Mike Howard)
    • Changes in user expectation on security
    • Case studies (two examples?) – OS/IP
      • Looking at security bulletins
    • End user perspective on security
    • Economics of security
  • Comparisons of security (OS / IP)
    • Processes (dev, release, making changes, etc)
    • Incentives to be secure (company, employee, OS committee, etc)
    • Market share (impact of “security” gone broke)
    • Openness of source (accessibility, read/write, restrictions, etc)
    • Support/responsibility roles
  • Initiatives and direction for security mitigation (OS / IP)
    • Mitigation
    • User evangelism
    • Research
    • Education
    • Tools

Action Items:

  1. Mohammed: Send out a list of links for different ways to find sources. E.g., IEEE, research reports, Factiva, etc. ETA: EOD Saturday.
  2. Ahmed: Produce a draft based on the above.
  3. Eric: Send email to the prof to clarify who will read this thing.
  4. Collecting Sources:
    1. Eric/Winfred: Section #2
    2. Man: Section #3
    3. Mohammed/Lin: Section #4

Of course, if you find something good that doesn’t belong in your section, include it too!

--Eric

End of Email Thread

Tolba 16:09, 6 Nov 2004 (PST)