Inactive Projects
There are a number of desired Linux Kernel hardening projects that are inactive and do not have an owner. This page gives details on some of them. If you plan to contribute (or are already contributing) to one of these projects, please email the kernel-hardening mailing list at kernel-hardening@lists.openwall.com and mention what you're covering.
Process Improvements
Security Code Review Guidelines
This project is an effort to provide a reference that educates subsystem maintainers on what to look for when performing security reviews/audits. This would include various classes of common coding vulnerabilities and how to detect them, as well as other best practices, such as not leaving private keys laying around.
Patch Signing
This project would provide support to determine if patches have been modified or tampered since they were signed.
Verification of Critical Subsystems
This project would provide verification of critical subsystems such as:
- Networking
- Network file systems
- KVM
- Cryptographic library
- Kernel build infrastructure
This could include approaches such as manual audits, static analysis, fuzzing testing, etc.