- W3AF: web application attack and audit framework. Python based.
James Morris: [fedora-devel] Re: PackageKit policy: background and plans from James Morris at Sat, 21 Nov 2009 13:34:09 +1100 (EST):
"The fundamental requirements for securing our systems were outlined in a paper by NSA researchers - "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments".
I strongly recommend that Fedora developers read this.
Some of the requirements have been addressed since the paper was published (mostly in the area of adding Mandatory security via SELinux), although the desktop in particular still needs work. There's been some progress, e.g. XACE, which allows us to begin locking down the X itself (a video of the LPC session on this is at http://video.linuxfoundation.org/video/1566).
I was hoping to see more desktop and general OS developers at the security track of LPC -- it was mostly security folk talking to other security folk. Certainly, I think we should try and find a way to get more discussion happening amongst different groups next time.
FWIW, I discussed the "inevitability" requirements as part of a broader talk on Linux security at KCA in Brisbane earlier this year; video & slides are online: