I cannot wait to see this. More vendors really need to jump into this area and fund it because we can't have people start working on the projects and then just quit. I'd love to see all the work that went into those secure Linux distros that all decided to call it quits. All of their changes, if posted publicly, could really help people lock down their boxes, or help people trying to do the same thing.
OpenBSD tried to send changes back to software maintainers/etc, but basically gave up after a while. A lot of bugs exist in Linux utils/etc that were ironed out in OpenBSD ages ago.
Hrm, maybe I'll take time and look at it again. It's been a while. When last I looked the only thing they actually had stuff written for was Stackguard.
They have a _lot_ more now. http://www.securityportal.com/closet/closet20000426.html
Its accounting and auditing is also crap. I don't think the BSD Accounting software is even being maintained.
Yup =(.
I know the feeling, trust me. I've been auditing so much software lately and having authors tell me "Oh, well if you supply me with a patch I might begin to care about the problem".
And people ask me what I'll do when software is secure/etc. HAHAHAHAH.
-miah
-Kurt