Nitin Kanaskar <nitinvk04 <at> gmail.com> writes:
> Thank you so much Dale again - but i > would try to follow links given by Neil - > thank you Neil - and chk in the cvs repositories. > Really appreciate your willingness to help. Hello Nitin, After reading your thread, you seem to be a bit flexible in what you pursue as opportunities for security analysis. Just a suggestion, but, in lieu of pursuing a very 'well worn path' of vulnerability assessments, might you be interested in exploring an alternative? If so, consider testing for security vulnerabilities on a variety of embedded (Gentoo) linux devices/architectures? You'll find embedded linux on a variety of hardware, very rich in opportunities for exploits. There are far fewer folks to test and fix problems, and many of the builds are barely able to support the arch, let alone robust security analysis. You could easily distinguish your self and provide a huge service to the gentoo community, not to mention working with some very sharp minds who inhabit this space. For example, you could test the vulnerability difference between the various C libraries, with all else being the same. Or look at vulnerability differences between soft-float and using builds based on hardware, just to name a few. Certainly with a quick survey of the space, you can come up with lots of ideas that would yield lots of uniquely interesting information, and blaze a new path. Gentoo on ARM is a HUGE opportunity for distinction. Here are a few links for your perusal: http://www.gentoo.org/proj/en/base/embedded/index.xml http://www.gentoo.org/proj/en/base/embedded/handbook/ http://tinderbox.dev.gentoo.org/ http://slonopotamus.org/gentoo-on-n8x0 http://en.gentoo-wiki.com/wiki/TinyGentoo http://wiki.debian.org/ArmEabiPort http://www.codesourcery.com/sgpp/lite/arm/portal/target_arc...@template=faq#q_gnu_linux_long_long http://martinwguy.co.uk/martin/tech/Maverick/ Just a suggestion.... hth, James