[asterisk-dev] Google Summer of Code 2009
John Todd
jtodd at digium.com
Tue Mar 10 16:44:04 CDT 2009
On Mar 10, 2009, at 2:32 PM, Tzafrir Cohen wrote:
> On Tue, Mar 10, 2009 at 05:21:33PM -0400, Gregory Boehnlein wrote:
>> What about having someone build the Asterisk security architecture
>> as a
>> Summer of Code project?
>
> Design the ASA?
I think that would be a good first step, certainly. The document I
created outlining network security elements was a draft, and a very
incomplete one at that.
http://astridevcon.pbwiki.com/Network-Security-Framework
I think limiting the scope of a "security framework" could be done to
make a more manage-able solution. I'd suggest terming it "Network
Security Architecture (NSA)" so that it implies IP-based services
instead of the more general security concepts such as buffer
overflows, insecure string handling, and the like, as that is a much
larger project. I think it's a big enough coding challenge to
identify (and hopefully implement a solution around) the network-based
security risks that might be mitigated with more security code built
into Asterisk instead of relying on external security agents for that
purpose.
JT
---
John Todd email:jtodd at digium.com
Digium, Inc. | Asterisk Open Source Community Director
445 Jan Davis Drive NW - Huntsville AL 35806 - USA
direct: +1-256-428-6083 http://www.digium.com/
More information about the asterisk-dev
mailing list