Vulnerability Detection
Vulnerability detection is carried out to some extent by members of the GSVG, through their own examination of code and their experience as site administrators. Others spend a larger amount of their time specifically checking or testing the security of various middleware packages.
The PSNC (Poznan Supercomputing and Networking Center) Security Team carries out security testing of various middleware packages used in the EGEE infrastructure. This predominantly consists of manual code examination. Packages examined so far include VOMS (Virtual Organisation Membership Service), R-GMA (Relational Grid Monitoring Architecture), LFC (LCG File Catalogue), and DPM (Disk Pool Manager). When insecure coding is found, it is treated as a vulnerability.
Members of the Computer Sciences department at the University of Wisconsin have developed a methodology for Vulnerability Assessment. Their Vulnerability Assessment web page includes results of this work and tutorials on how to carry out assessments and program defensively. Members of the Universitat Autònoma de Barcelona are collaborating with the University of Wisconsin to carry out some assessments of Grid-related software.
Last modified Fri 13 February 2009.