Slashdot Mirror


Sardonix Source Code Security Auditing Portal

Crispin Cowan writes "We have just announced the Sardonix source code security auditing portal. Sardonix is intended to help, encourage, and preserve community security auditing of open source programs. The "many eyes" effect is enabled by open source software, but is not assured. Sardonix seeks to measure who is actually reviewing the source, and reward that work with public props.

Crispin"

7 comments

  1. Open Source for National Security? by advtech · · Score: 1

    Along the lines of a different side of the "security" issue, The Edge Report has posted an interesting article talking about the national security implications of closed source software. While the infiltration of Microsoft by Al Qaeda may have been only a rumor, the article explores a world where this could happen. And guess what? We're living in it. It closes with a powerful statement: "Closed source software vendors, in the name of National Security: Open your Code!".

    http://www.edgereport.com/article.php?sid=135


  2. I'm confused... by Anonymous Coward · · Score: 0

    Is this Slashdot, or Newsforge -- cuz that looks strikingly like a hopped up press release.

  3. Um, fund a non-profit, Uncle Sam by xarc · · Score: 2, Insightful

    The simple truth: Wirex is out to make a profit.

    They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it.

    If the government had done their homework, they would have seen there are plenty of other companies that are NOT trying to capitalize on the security hype, and have a much greater pull and understanding of the community than Wirex. This project will fail, simply because Wirex cannot maintain and engage the community to an extent that it will become the premier bug-squashing center of the open source universe. If that is not the point of the project, then the money is wasted anyway.

    I'd much rather see the US funding non-profit software-security initiatives. It needs to be non-profit, and not affiliated with any one vendor. They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success.

    1. Re:Um, fund a non-profit, Uncle Sam by Crispin Cowan · · Score: 2
      Clue: DARPA funds lots of for-profit companies. The vast majority of them give back far less to the community than WireX does.

      > They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it.
      Brilliant. Completely, precisely wrong. The non-executable stack patch is by Solar Designer. WireX has contributed StackGuard, FormatGuard, and the Linux Security Module project, with more on the way.

      > They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success.
      I sure feel involved :-)

      Crispin
      ----
      Crispin Cowan, Ph.D.
      Chief Scientist, WireX Communications, Inc.
      Immunix: Security Hardened Linux Distribution
      Available for purchase

  4. Re:RMS in rare television appearance!!! by phanki · · Score: 1

    As mentioned above, it is indeed interesting how simple things in life can be looked at. But saying that Free Software programmers can find gainful employment by taking some consideration over their appearance is an overstatement. The measure of a person's intellect does not necessarily lie in the cost of the trousers or the tie.