Not too much to say, but I haven't written for a long time. Guess what, I got married June 29th (no online pictures currently, move along...). It has brought a lot of changes, but all for good (YMMV).
OTOH, I will hopefully get Internet access at home soon, and probably would be able to fix the huge number of bugs I currently have open (help is appreciated :)
I do have, however, an almost finished 3.0.1 release of Tiger which should fix a lot of Solaris issues (hopefully cleaning the code and making it easier to port and spot issues too). One of the reasons I'm testing it in a non-free platform is to check out how easier would be to port to other platforms (and hopefully document it soon). I promised the guys at LinuxSecurity an article about Tiger (which will hopefully also draw some attention to the new developments I included). I have only a draft written but I expect to have it finished by the end of the month...
If time permits I should test also the latest pre-release of Bastille (pre BETA 2.0) in Debian, but I haven't setup a proper environment to work (and not mess up with my environment). I'm looking at bochs and plex86 to make it (instead of using vmware). I learnt about (and tested) them while writting an article (in Spanish, not yet online, sorry) featuring Emulators for linux.
Funny, I just read mjcox entry after writting mine and found out that he's working trying to have a full CVE mapping of RedHat's advisories.
Just recently, on the debian-security mailing list Phillip Hofmeister asked if there was some way to retrieve stats easily regarding security. Well, it's not easy IMHO, but I did so (manually) for Debian some time ago (on december last year) and answered this same question in a section of the Securing Debian Manual.
However, I have recently automated the way DSAs get published on the web (here) and there are automatic ways to link DSAs to many security databases. (It's all in the web source code at the secrity template, see a DSA sample here). It should be pretty easy to automate references now (but they have to be kept uptodate).
There needs to be, in any case, a way to automatically link all the security databases like Bugtraq, CERT, CVE, ICAT. That's one of my pet projects, I will try to have an automated tool working Very Soon Now (tm)....