r51 - 26 Aug 2005 - 23:28:34 - HeikkiToivonen

Chandler Security

Security is a subset of quality. Security must be built in, because adding it in later is costly and will likely not provide very good security. A bug in any part of the application may be a security vulnerability, so everyone is responsible for writing secure code.


  • HeikkiToivonen

Scheduled Tasks

| Task | Bugs | Status | Milestone | SWAG |
|---|---|---|---|---|
| X.509 cert store | Bug:2196 | done | 0.5.03 | medium |
| Add certs on new site | Bug:3055 | done | 0.5.04 | medium |
| Reimplement STARTTLS | Bug:2834 | Done | 0.5.03 | medium |
| Integrate WebDAV ACL | | | 0.5.04 | medium |

Unscheduled security related tasks

| Task | Bugs | Status | Milestone | SWAG |
|---|---|---|---|---|
| Repository to use M2Crypto | Bug:2129 | | | small |
| Password manager | Bug:1694 | | | medium |


Project Overview

The Chandler security project encompasses everything from identifying the security threats we need to protect against to the technologies we will use to counter them: cryptography, access control, and secure software development methodologies and best practices. We also lump privacy with security. Finally, there is a policy and plan for security response when things go wrong.

See also CanogaSecurityDesign, which describes Canoga security requirements from a design perspective.

Recommended Reading

  • Building Secure Software: How to Avoid Security Problems the Right Way by John Viega and Gary McGraw, ISBN 020172152X. Book site 1.
  • Writing Secure Code, 2nd Edition by Michael Howard and David LeBlanc, ISBN 0-7356-1722-8. Errata
  • 19 Deadly Sins of Software Security by Michael Howard, David LeBlanc and John Viega, ISBN 0-07-226085-8.

  • Secure Programming Cookbook for C and C++ by John Viega and Matt Messier, ISBN 0-596-00394-3. Book site 1. Errata.

  • Practical Cryptography by Niels Ferguson and Bruce Schneier, ISBN 047122894X. Book site 1.
  • Network Security with OpenSSL by John Viega, Matt Messier and Pravir Chandra, ISBN 059600270X. Book site 1, 2.
  • SSL and TLS by Eric Rescorla, ISBN 0-201-61598-3. Book site 1. Errata.

Links to other pages on wiki mentioning security

  • AgentSecurityIssues
  • SecurityIssueSummary
  • MailSecurity
  • EmailSecurityIssues
  • SecurityIssues
  • DbContentSecurity
  • DataSharing

  • Search all Chandler wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Jungle wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Journal wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
  • Search all Main wiki pages that contain regexp "encrypt|auth|identit|securit|decrypt|access|acl"
PageType HomePage
MaintainedBy HeikkiToivonen
PageStatus Source of truth -- this page reflects current OSAF thinking
CommentsWelcome Feel free to contribute comments, either by adding to the Comments Welcome section of this page, or by posting to the dev list, or by sending mail directly to the person listed as maintaining the page.
Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.