Hi,

one of the key parts of the maintenance work is to follow the Common Vulnerabilities and Exposures (CVE)[1] and the fixes that comes out of them, in this case, to the kernel.

We can check against CVE and commit lists from Debian[2]. Currently there is no good distribution-neutral tracker for this and MITRE is not that fast in publishing details of CVEs.

One step that Members can take is to identify the person within their organizations that deal with low level security issues and put them in contact with Ben so:
* They can provide input to Ben.
* Ben H. can explain them how a kernel in maintenance work in this regard.

A long term point for CIP Members is to get a CNA ID[3] and act as a CNA or participate through a liaison if you do not want to dedicate people to this.

[1] https://cve.mitre.org/about/faqs.html
[2] svn://scm.alioth.debian.org/svn/kernel-sec/
[3] https://cve.mitre.org/cve/cna.html

Best Regards
--
Agustin Benito Bethencourt
Principal Consultant - FOSS at Codethink
agustin.benito@...