¿How can we improve the security of the Debian distribution to improve it both to protect the Debian project and our end users?

This presentation will try to analyse what are the major concerns related to the security in the Debian operating system, including the current trend of vulnerabilities and time to fix (an update of the one presented in Debconf3), a look on the work conducted by the Debian Security and Security Audit teams and what steps can maintainers, release managers and end-users take in order to help keep the distribution secure. The analysis will include a brief presentation of the impact of several security-enhancing technologies (SElinux, PaX, SPP..) on the distribution and what needs to be changed in order to provide these for end users.

The presentation will also try to feed some discussion including proposals related to the overall management of software quality (and how this affects the security of the released distribution) as well as to what additional work can be conducted in order for the project to provide a distibution with an enterprise-level of security that could be, at some point, Common
Criteria certified for government use.