lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 18 Aug 2008 14:54:38 -0700 (PDT)
From: richc@...gle.com
To: Android Security Announcements <android-security-announce@...glegroups.com>
Cc: android-security-discuss@...glegroups.com
Subject: Introducing the Android Security Team


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings to the Security Community,

We would like to introduce ourselves, the Android Security Team, to
the
security research and vulnerability disclosure communities.  As you
may know,
Android is a Linux-based mobile platform containing the frameworks and
libraries necessary to support easy and open development of mobile
applications. It also contains a collection of standard applications
that can
be included on a mobile device.  All of the source code of the Android
Platform
will be released later this year under the GPL and Apache 2.0
Licenses, and
many diverse groups are already working on their own Android devices
and
applications.

You can read more about Android and download the free SDK and emulator
at
http://code.google.com/android/.

As you may expect, building and maintaining a secure mobile platform
is a
difficult task.  The Android platform team has put a great deal of
work into
trying to design a platform that balances our goal of open development
and user
choice with the unique challenges of securing a consumer-focused
mobile system.
While we have found and fixed many of our own bugs as well as flaws in
other
open source projects, we realize that the discovery of additional
security
issues in a system this large and complex is inevitable.  That is why
we would
like to introduce ourselves today and let the security research
community know
how they can reach out and work with us.

If you are interested in our security philosophy and process, you may
want to
read our security FAQ: http://code.google.com/android/kb/security.html.

If you would like to report a bug in Android or one of its components,
please
email security@...roid.com.  We will respond to bug reports with
requests for
more information if necessary, and if not we will keep reporters
informed of
our progress in closing the issue.  We do appreciate and encourage
responsible
disclosure, especially since Android will be deployed on many
different devices
that will require a large amount of coordination to patch.  Help from
security
researchers in the form of usable bug reports and responsible time
lines will
greatly assist us in securing the ecosystem of Android devices as
quickly as
possible.  Our vulnerability bulletins will credit responsible
reporters of any
flaws.

If you would like to receive security patch announcements for Android,
please
join the android-security-announce Google Group:
http://groups.google.com/group/android-security-announce.  All of our
security
announcements will be signed by GPG using our key, available at
http://code.google.com/android/security_at_android_dot_com.txt.

For discussion of Android platform security and how to develop secure
Android
applications, please join the android-security-discuss Google Group:
http://groups.google.com/group/android-security-discuss.

We will be releasing more details of the security features of the
Android
platform over the next several months, as well as developer
documentation and
guidance on how to use these features in your Android applications.
The entire
team is looking forward to shipping the Android platform and seeing
what
innovative things people will do when empowered with a truly open
mobile
environment.  Please feel free to email us or start a discussion on
android-security-discuss if you have general questions or comments
regarding
the security of the Android platform.


Sincerely,

The Android Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkip4ZIACgkQcx5rnwBUD8NLTQCeNd4G2wLD8WSgxrNWxZ251cET
luMAoIwaZqEXVxDTbcNTIQUZLJeP5ZUo
=ATw2
-----END PGP SIGNATURE-----

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Android Security Announcements" group.
To post to this group, send email to android-security-announce@...glegroups.com
To unsubscribe from this group, send email to android-security-announce+unsubscribe@...glegroups.com
For more options, visit this group at http://groups.google.com/group/android-security-announce?hl=en
-~----------~----~----~----~------~----~------~--~---

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ