Slashdot Mirror


Sardonix Source Code Security Auditing Portal

Crispin Cowan writes "We have just announced the Sardonix source code security auditing portal. Sardonix is intended to help, encourage, and preserve community security auditing of open source programs. The "many eyes" effect is enabled by open source software, but is not assured. Sardonix seeks to measure who is actually reviewing the source, and reward that work with public props.

Crispin"

7 comments

  1. RMS in rare television appearance!!! by ringbarer · Score: -1

    As regular Slashdot posters often refuse to grow up, they find their acne-ridden, jobless selves staring blankly at the television set watching Cartoon Network all day. And not just for a chance to see the Powerpuff Girls episode where they meet their own (heavily endowed) selves from the future either.

    To this end, I would like to draw the Slashdot community to what could be Cartoon Network's FINEST parody. The day Richard Stallman appeared on Dexter's Laboratory.

    There was an episode wherein Dexter was preparing for yet another test, and got onto the Schoolbus, clutching his "lucky pencil". Sitting down next to another geek we hadn't seen before, (clearly a reference to Linus Torvalds), the bus set off.

    In the course of the bus journey, Dexter ends up losing his pencil, which rolls to the back of the bus. This area is considered 'off-limits' by the schoolkids on the bus, and they have developed a collection of myths related to it.

    After having these stories related to him, Dexter decides that there is no way he is going to leave his pencil behind (a metaphor of his creativity and scientific genius) and proceeds into the dark recesses of the bus.

    After some exploring, Dexter happens upon a nightmarish environment of shadows and imperceptible fear, as a giant figure looms above him, who then reveals himself to be a fat, bearded hippy.

    The backstory for this character explains that he was a lazy child who fell asleep on the bus, with his hair stuck to some chewing gum. Unable to free himself from the bonds forged from his own laziness, this man-child grew up to be an unkempt scruffy figure, obese and obscured by facial hair. It is clear who this portly Peter Pan-esque figure represents. RMS in shape and thought.

    But what about deed? It turns out that this character had kept himself alive over the 20 or so years he had been trapped in the back of the bus by growing his toenails long, so that he may use them as a claw to grab other children's food and discarded items. Is this not how the GNU movement works, ensnaring other people's work in order to sustain the beast at the centre?

    In a symbolic gesture, Dexter retrieves his pencil from the child-like hippy by, of all things, giving him a haircut. This is clearly an example of how Free Software programmers can find gainful employment by taking some consideration over their appearance.

    Although one should always say goodbye to childish things, it is good to know that even the simplest cartoons have lessons to offer.

    --
    "Why did they cancel my favorite Sci-Fi show? I downloaded ALL the episodes!"
    1. Re:RMS in rare television appearance!!! by trollercoaster · Score: -1


      you are good!!!

      --

      Slashdot, come for the goatse, stay for the trolls.

    2. Re:RMS in rare television appearance!!! by phanki · Score: 1

      As mentioned above, it is indeed interesting how simple things in life can be looked at. But saying that Free Software Programmers can find gainful employment by taking some consideration over their appearance is an over-statement. The measure of a person's intellect does not necessarily lie in the cost of the trouser or the tie.

  2. Open Source for National Security? by advtech · Score: 1

    Along the lines of a different side of the "security" issue, The Edge Report has posted an interesting article talking about the national security implications of closed source software. While the infiltration of Microsoft by Al Qaeda may have been only a rumor, the article explores a world where this could happen. And guess what? We're living in it. It closes with a powerful statement: "Closed source software vendors, in the name of National Security: Open your Code!".

    http://www.edgereport.com/article.php?sid=135

  3. I'm confused... by Anonymous Coward · Score: 0

    Is this Slashdot, or Newsforge -- cuz that looks strikingly like a hopped up press release.

  4. Um, fund a non-profit, Uncle Sam by xarc · Score: 2, Insightful

    The simple truth: Wirex is out to make a profit.

    They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it.

    If the government had done their homework, they would have seen there are plenty of other companies that are NOT trying to capitalize on the security hype, and have a much greater pull and understanding of the community than Wirex. This project will fail, simply because Wirex cannot maintain and engage the community to an extent that it will become the premier bug-squashing center of the open source universe. If that is not the point of the project, then the money is wasted anyway.

    I'd much rather see the US funding non-profit software-security initiatives. It needs to be non-profit, and not affiliated with any one vendor. They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success.

    1. Re:Um, fund a non-profit, Uncle Sam by Crispin Cowan · Score: 2
      Clue: DARPA funds lots of for-profit companies. The vast majority of them give back far less to the community than WireX does.

      "They've already had their DARPA contracts, and what have they contributed? No-exec patches for Linux. That's about it."
      Brilliant. Completely, precisely wrong. The non-executable stack patch is by Solar Designer. WireX has contributed StackGuard, FormatGuard, and the Linux Security Module project, with more on the way.

      "They need to be actively involved in the security community; not just post a message when they get funding. I think we'd see much greater success."
      I sure feel involved :-)

      Crispin
      ----
      Crispin Cowan, Ph.D.
      Chief Scientist, WireX Communications, Inc.
      Immunix: Security Hardened Linux Distribution
      Available for purchase