by nickpsecurity
3731 days ago
Here's a reference work with links to key papers on build system security for anyone trying to improve them: http://www.dwheeler.com/essays/scm-security.html Dig into archive.org for Shapiro's OpenCM while you're at it, as it had a lot of nice properties. Aegis seemed to as well. Pulling good traits from Wheeler's survey into modern ones would be a good idea. Also, one can re-develop OpenCM, Aegis, etc. to have modern features like plugins for common languages/apps or DVCS capabilities. SCM security techniques date back to the 80's-early 90's. No excuse for today's solutions to still lack the basics.