Is there currently a owners for TARA or Tiger security tools? TARA is owned by Advanced Research Corporation and Tiger's support lists are not active. Are either of these tools worth maintaining or updating?
The reason I ask is because I will be starting a Senior capstone class for college soon and was
wondering how useful would a tool like TARA/Tiger be to the Open Source
community. I invision it as a client-server application where either
the client or server can initiate a scan and the results would go into a
database (MySQL or PostgreSQL). From the DB risk acceptance filters could be applied and reports (Web & email) could be generated. A web
interface could generate reports for each site or support region. This
could be used by managment to see how security compliant a given region
is.
The DB could also have tables in it to support determining
how patch compliant systems are. I would like the DB flexable enough
to support other security concerns in the furture.
I would like
to hear your thoughts on how useful this would be before I spend a lot
of time working on it. Of cource it also comes down to if the
professor will accept it as a project.
--
Jamie Bohr