U.S. taxpayers are now helping to improve open source software code and
security thanks to a grant issued by the Department of Homeland Security
(DHS).
Stanford University, Symantec and source code analysis firm Coverity are
the three recipients of a DHS grant called "Vulnerability Discovery and Remediation Open Source Hardening Project." The grant will pay $1.24 million over three years.
According to Coverity, the DHS project is part of a broad DHS federal
initiative to help secure and protect critical national communications and
computer infrastructure. More than 40 open source software projects,
including Linux, Apache, FreeBSD, MySQL, PostgreSQL and Mozilla, are expected
to benefit from the effort.
Rob Rachwald, senior director of marketing at Coverity, explained that
each of the three companies involved in the DHS effort has a specific role
to play.
Coverity is the technology engine that finds the quality problems
and security vulnerabilities. Stanford will be providing the manpower and
some of the brain power to understand what the trends are and make some
conclusions about what various packages are good for and are safe to use.
Symantec will be thinking about it from the point of view of what the government
can do to help improve the security of its code and software as it increases
its use of open source software.
"The DHS in many ways is obviously brokering this and they are the main
beneficiary," Rachwald told internetnews.com. "They'll benefit from better code, from some consulting from Symantec and then obviously from some
academic analysis from Stanford."
It is expected that audit results from the Coverity scan will be
published on the Web, though it's not exactly clear at this point how the
effort will interact with all of the various open source applications it is
scanning.
"What we're trying to do is figure out what is the best way to work with
all the various open source packages," Rachwald said. "Currently the way
we've done it is we have a Web site called http://linuxbugs.coverity.com."
The site is password protected and provides Linux developers
with a database of defects.
Coverity is certainly no stranger to working with open source projects to
help identify defects.
Last August, a Coverity study of the Linux kernel found that defect density had declined even though Linux kernel code itself increased.
A December study that encompassed four years of analysis found that Linux has a lower bug count per line of code than its proprietary competitors.
The open source MySQL database has also been a client of Coverity. As
with Linux, the study found that MySQL had comparatively fewer defects than other similar software.