James... I would definitely give this a thought - sounds interesting and challenging.
Thanks a lot, Nitin On Mon, May 4, 2009 at 8:56 AM, James <[email protected]> wrote: > Nitin Kanaskar <nitinvk04 <at> gmail.com> writes: > > >> Thank you so much Dale again - but i >> would try to follow links given by Neil - >> thank you Neil - and chk in the cvs repositories. >> Really appreciate your willingness to help. > > Hello Nitin, > > After reading your thread, you seem to be a bit > flexible in what you pursue as opportunities > for security analysis. Just a suggestion, but, > in lieu of pursuing a very 'well worn path' of > vulnerability assessments, might you be interested > in exploring an alternative? > > > If so, consider testing for security vulnerabilities > on a variety of embedded (Gentoo) linux devices/architectures? > > > You'll find embedded linux on a variety of hardware, > very rich in opportunities for exploits. There are > far fewer folks to test and fix problems, and many > of the builds are barely able to support the > arch, let alone robust security analysis. You > could easily distinguish your self and provide a > huge service to the gentoo community, not to mention > working with some very sharp minds who > inhabit this space. > > > For example, you could test the vulnerability > difference between the various C libraries, > with all else being the same. Or look at vulnerability > differences between soft-float and using builds > based on hardware, just to name a few. Certainly with > a quick survey of the space, you can come up > with lots of ideas that would yield lots of > uniquely interesting information, and blaze a new path. > Gentoo on ARM is a HUGE opportunity for distinction. > > > Here are a few links for your perusal: > > http://www.gentoo.org/proj/en/base/embedded/index.xml > > http://www.gentoo.org/proj/en/base/embedded/handbook/ > > http://tinderbox.dev.gentoo.org/ > > http://slonopotamus.org/gentoo-on-n8x0 > > http://en.gentoo-wiki.com/wiki/TinyGentoo > > http://wiki.debian.org/ArmEabiPort > > http://www.codesourcery.com/sgpp/lite/arm/portal/target_arc...@template=faq#q_gnu_linux_long_long > > http://martinwguy.co.uk/martin/tech/Maverick/ > > Just a suggestion.... > > hth, > James > > > >
