Secure Code Review Wiki - Centralized Database of Drupal Code Exploits

The wiki would not just be a page, it would have fields, taxonomies & more.

There should be
1) An open (anonymous) submission process (without review by administrators -> to prevent exploits from being withheld)
2) Auto-analysis using Secure Code Review standards of ALL Drupal.org modules (this should be possible!). By using the new quick-upgrade feature in D7, we could download all the modules from Drupal.org & then automcatically run them through the Security Code Review module -> then take the results & auto-link the specific Code Exploits with specific Modules
3) CNR - Corresponding Node References between Code Exploit content type (Current & Past) Effected Modules field and Module content type (Current & Past) Module Code Exploits field
4) Community voting to determine need to focus upon certain code exploit/vulnerability (aka how important people think it is to protect from said vulnerability)
5) Historical record-keeping of Code Exploits per individual Module (this is not needed, but it would provide a great basis for measuring progress & identifying maintainers who ensure the security of their modules). We may need to add a flag onto the node reference field (IDK if fields be flagged) to identify whether this is a current or solved/ fixed exploit. Or maybe have a 2nd node reference field on the Module/ Code Exploit content types that would automatically receive (populated by) Code Exploits identified as "fixed" ( or rather no longer present) by the on-site auto-analysis using Secure Code Review standards. Only problem here is that there is no date to identify when Code Exploit was Fixed for a specific Module. To fix this we could add a Date Field to the Node Reference Field, since D7 allows you to field fields.

"Code Exploit" Content Type Fields
1) Exploit Title (text field)
2) Exploit Categories (Term Reference - Taxonomies)
2A) Type of Exploit
2B) Occurrence Fault (most often reasons for why it occurs)
- Intentional Malicious Coding
- by Mistake (& if by mistake, what is source for the mistake? -> Drupal Upgrade Fault? New Security Standards Fault?_
3) Examples of exploit (used to provide Secure Code Review module with analysis basis)
4) Current Effected Modules (Node Reference to Modules content type - Automatically filled by running analysis on-site & identifying a New or Current Code Exploit in Module)
5) Past Effected Modules (Node Reference to Modules content type - Automatically filled by running analysis on-site & identifying a Current Code Exploit that is no longer present)

"Modules" Content Type Fields
1) Module Name
2) Module Project Page (link to Drupal.org)
3) Current Module Code Exploits (Node Reference to Code Exploit content types Current Effected Modules field )
4) Past Module Code Exploits (Node Reference to Code Exploit content types Past Effected Modules field)

Type of Exploit Term Type Fields
1) Type of Exploit Name
2) what exploit does (explain what the exploit type can be used to do --> this may become a term reference to a new Taxonomy type "Exploit Actions," which would provide a central place to list out specific exploit example actions that may occur through a particular Type of Exploit)
3) additional resources (link field)

If there is already something like this underway, then that's great. Please list out some resources for it here & insert it into the documentation of this module (since it directly relates to how powerful & effective this module can become). If not, then please help us develop this time, money, energy, and frustration saving Security Code Review analysis system (wiki)! THANKS

http://groups.drupal.org/code-review The Code Review group & related efforts would benefit from a system like this