RE: DHS helping to secure open source code

["Craddock, Larry" <l_craddock () wfec com>]

I just took a look at that list myself and with the exception of some os
specific implementations did not find hardware manufacturers listed in the
*nix section but rather in the multiple OS section. And yes, the Unix / Linux
section does include all affected *nix OS's.

Larry Craddock


-----Original Message-----
From: Mike Fetherston [mailto:mike_sha () shaw ca] 
Sent: Monday, January 23, 2006 8:01 AM
To: Craddock, Larry; 'Security-Basics (E-mail)'
Subject: RE: DHS helping to secure open source code

I took a look at the list (http://www.us-cert.gov/cas/bulletins/SB2005.html)
and feel it necessary to state that the amount of vulnerabilities are higher
than what I expected, but that the list also includes Mac OS X, AIX, FreeBSD,
HP-UX, Linux, Sony PSP, Sony Ericsson, QNX, and Symbian. As well, many web
applications are named including WordPress, Webmin, MediaWiki, Squirrelmail,
and countless PHP apps.  What's interesting is that many of these apps listed
in the *nix section are not listed in the Win32 section even though many may
be deployed on the Microsoft platform.  Topping this list off are many
embedded devices including manufacturers such as Linksys, Netgear, Nokia, LG,
Samsung, RIM.

Hope that can help shed some light.

Mike Fetherston


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------