So I was approached by Eugeni, one of my former fellows at Mandriva, today about some collaboration in regards to Mandriva's msec and my way-back-when fork for Annvix, rsec. He wrote a blog post about msec's future and plans detailing the things he wants to do with msec in the future. So he dropped me a line to see how I'd feel about making msec and rsec play nice together so there wouldn't necessarily be a need for both (since there is obviously some duplication of functionality, one being a fork of the other after all).
So I think this might be a good move. rsec is essentially a complete tool, but if we can swap in msec's plugin functionality for the reports and make it so that is can be a standalone component separate from msec (be it that msec drops the reporting capabilities and adopts a refreshed rsec as a dependency, or whether msec permits building just the reporting capabilities separate from the msec stuff), then I'm definitely game. What might be interesting, however, is to see how msec and rsec can be merged with sectool in some way. To be honest, I'd never heard of sectool until Eugeni mentioned it... it's a Fedora project so it might have a lot of Red Hat/Fedora-specific stuff in there, but if it is or could be more generalized to do what msec does as well as what rsec does, then maybe there's a place for one tool to take the place of three tools and have a broader usage base and become a better tool.
The opportunity here to build a better tool out of two, or maybe even three, tools is quite interesting and one of the things I love about open source. Merging msec and rsec should be quite easy I think. Merging with sectool might be more difficult, but I see a lot of crossover in what msec and sectool both do already -- there really is no reason to have a Mandriva-specific tool and a Fedora-specific tool that do the same thing. I suspect sectool might be good at creating decent reports which may even obsolete the need for rsec. Taking a closer look at sectool will help me determine if that is the case (and then it remains to be seen if there is a sectool build for EPEL or if it can be done since I'm currently using rsec on some Red Hat Enterprise Linux 5 and CentOS 5 systems).
Either way, I smell some possibilities here.