Just finished the security audit for FC4 candidate - For 20030101-20050605 there are a potential 861 CVE named vulnerabilities that could have affected FC4 packages. 759 (88%) of those are fixed because FC4 includes an upstream version that includes a fix, 8 (1%) are still outstanding, and 94 (11%) are fixed with a backported patch. I'll post all the details to fedora-devel-list later in the week. I'm also giving a keynote about Fedora and security response at FudCon later this month.
A CSO remarked to me a couple of weeks ago that their perception was that OpenSSL had a lot of serious security issues over the years. In fact it's really only had a couple of serious issues, and in total only 15 issues in the last 4 years. So in the style of the Apache vulnerability database I did one for OpenSSL. This is now publically available and we'll keep it up to date. The page is built from a XML database of the issues.
Completed our 100th cache last weekend after a day out to grab some caches just north of Edinburgh. Took us a year to get to 100, but rather than try to do as many caches as possible we're trying to do a selection of interesting ones in interesting places. Since most caches in Scotland seem to involve 2 mile hikes we don't tend to do many each weekend. A cache last weekend took us within a few hundred yards of a certain blue and yellow swedish furniture store, which proved amazingly expensive with more bookcases, a new bed, shelving, and a packet of mini-daim bars needed to make the construction process less stressful.