Security Review Panel
(Proposal for Action)

John Chandler

31 March 2022

In response to the current discussion on how to convince potential customers of the quality and security of `free/open' software in this list, I am offering the following proposal for review and discussion.

I propose that a panel be formed for the purpose of reviewing any software we produce or support to ensure that it meets the following standards:

  1. The software is free of `back door' code created by the developer.
  2. The software has no exposure to outside access attempts.
  3. The software when used as designed does not fail in extreme cases.

The last case is security issue as well as a reliabilty issue for many possible markets. I refer you to the examples of `software failure' noted by Bertrand Meyer in his book OOSC-2.

John Chandler
Software Engineer

HTML generated using LaTeX2HTML
by Ross Moore, 2022-04-05 for FD-IT