What can I do to help ?
There are different areas where you can help the Ubuntu Security Team.
Help on the mailing list and the IRC channel
You can lend a hand with people's questions and problems on the mailing list and the IRC channel:
subscribe to ubuntu-hardened mailing list.
- hang out in #ubuntu-security (aka #ubuntu-hardened) on the Freenode IRC.
participate in IRC workshops on security during UbuntuDeveloperWeek
Test security features
Testing the existing security features of Ubuntu can done to improve both documentation and to help find bugs. You can also test and participate in the development of new security features that are being developed.
Find security bugs
Find new security issues in existing Ubuntu software. If you find something, file a bug.
Triage security bugs
Go through the list of security bugs in Ubuntu, and triage them.
Fix security bugs
Review open security bugs, find/write patches, build and test the fixes. Providing patches for security vulnerabilities is an excellent way to learn about Ubuntu processes and develop the skills necessary to become an Ubuntu developer. Please see UpdateProcedures for details.
Ubuntu shares many of the same source packages as Debian, so in addition to applying patches to Ubuntu from upstream sources, people can also get involved by performing merges from Debian. A list of potential candidates can be found in the D2U CVE tracker. For more information on merging, see UbuntuDevelopment/Merging.
The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security on Freenode.
Develop new security features
The Wishlist section of the Roadmap has many great ideas for new improvements to be made to Ubuntu's security.
How to become a member of the Ubuntu Security Team
The Ubuntu Security Team really consists of four sub-teams:
motu-swat: this team creates and tests security updates in Universe packages
- to become a member, help with Universe security updates for a while, and then get the approval of one of the team administrators.
ubuntu-hardened: this team develops and tests proactive security features in Ubuntu.
to become a member, just apply for membership
ubuntu-whitehat: this team is dedicated to "do not harm" while auditing and testing Ubuntu software and infrastructure, looking for new security issues
to become a member, see the UbuntuWhiteHat wiki pages.
ubuntu-security: this is a closed team responsible for performing security update publications