Linux Security a National Matter
U.S. taxpayers are now helping to improve open source software code and security, thanks to a grant issued by the Department of Homeland Security (DHS). Stanford University, Symantec and source code analysis firm Coverity are the three recipients of a DHS grant called the "Vulnerability Discovery and Remediation Open Source Hardening Project." The grant will pay $1.24 million over three years.

According to Coverity, the DHS project is part of a broad DHS federal initiative to help secure and protect critical national communications and computer infrastructure. More than 40 open source software projects, including Linux, Apache, FreeBSD, MySQL, PostgreSQL and Mozilla, are expected to benefit from the effort.

Rob Rachwald, senior director of marketing at Coverity, explained that each of the three organizations involved in the DHS effort has a specific role to play. Coverity is the technology engine that finds the quality problems and security vulnerabilities. Stanford will be providing the manpower and some of the brain power to understand what the trends are and to draw conclusions about what various packages are good for and which are safe to use. Symantec will be thinking about it from the point of view of what the government can do to help improve the security of its code and software as it increases its use of open source software.

"The DHS in many ways is obviously brokering this and they are the main beneficiary," Rachwald told internetnews.com. "They'll benefit from better code, from some consulting from Symantec and then obviously from some academic analysis from Stanford."

It is expected that audit results from the Coverity scan will be published on the Web, though it's not exactly clear at this point how the effort will interact with all of the various open source applications it is scanning.

"What we're trying to do is figure out what is the best way to work with all the various open source packages," Rachwald said. "Currently the way we've done it is we have a Web site called http://linuxbugs.coverity.com." The site is password protected and provides Linux developers with a database of defects.

Coverity is certainly no stranger to working with open source projects to help identify defects. Last August, a Coverity study of the Linux kernel found that defect density had declined even though the Linux kernel code base itself had grown. A December study that encompassed four years of analysis found that Linux has a lower bug count per line of code than its proprietary competitors. The open source MySQL database has also been a client of Coverity. As with Linux, the study found that MySQL had comparatively fewer defects than other similar software.