Eric H. Christensen | 30 Jul 17:46 2014

Fedora Security Team

Some people have already heard about the new Security Team making the rounds on BZ trying to clean up
vulnerabilities that still linger within our OS.  Until today I've not said much as I was waiting to see how
successful we'd be at trying to remedy some of these situations.  Turns out I had nothing to fear.  So with
that I formally announce the Security Team to Fedora and open the doors to all that are interested.

== What are we doing? ==
The Security Team's mission is to assist packagers in closing security vulnerabilities.  Once alerted to a
vulnerability on a package, the Security Team can help work with upstream to obtain a patch or a new release
of a package.  Once we have a patch or a new release we attach it to the vulnerability bug and work with
packagers to get the fix pushed.

== How bad is the problem now? ==
As of a few days ago we had 566 open vulnerability tickets that cover both Fedora and EPEL.  The breakdown of
those bugs by severity looks like this:
* Critical: 3
* Important: 69
* Moderate: 366
* Low: 128

The good thing is that few of these vulnerabilities are considered "bad" (critical and important).  There
are likely bugs in there that no longer apply since the packages have been upgraded but the tickets never
got closed.  Also, a package that is in both Fedora and EPEL will get a ticket for each so from a pure numbers
standpoint there are duplicates in those stats.

== How many people have signed up for the team? ==
Over twenty so far.

== How can I join/get involved/learn more about the project? ==
Go look at our wiki page[0], which is still being developed but does contain some basic information on the
team.  We also have a listserv[1] and an IRC channel[2] where we hang out.

[2] #fedora-security-team on

-- Eric

Eric "Sparks" Christensen
Fedora Project

097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1