Fog security certification
-
Hello - Is there a company which backs up Fog within regards to certifying that Fog is secure. What i mean is what security controls does Fog have in order to make sure no ‘warez’ or tracking code is being implemented into the application which then gets transferred into an image.
Thanks
-
It’s all open source and you can view the code or recompile the client if you want. Other than that, I don’t understand the question very well.
-
[quote=“chad-bisd, post: 5398, member: 18”]It’s all open source and you can view the code or recompile the client if you want. Other than that, I don’t understand the question very well.[/quote]
Thanks - To clarify - What security controls does Fog developers have to make sure no compromising code is being implemented to new version of the app. Which would then be used for malicious purposes when used to build an image and would be part of an image. Is there a security company which stamps the project with a seal of approval etc? -
I don’t think there is, but I can’t answer for sure. I guess you can browse/download and scan the svn repository on sourceforge looking for malicious code. FOG is developed by mainly by 3 or 4 people working together remotely and usually on different parts of the project.
Since it’s open source and freely available via svn on sourceforge, it’s up to the user. Besides, fog is mainly a bunch of scripts and web pages that just use existing application packages available to multiple distributions of Linux (dhcpd, tftpd-hpa, vsftp, mysql, php, apache2, and others).