DARPA-Funded Linux Security Hub Withers
mAriuZ writes "Initially funded by a grant from the Pentagon's DARPA, the Sardonix project aspired to replace the Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom. As conceived by Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined, and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. ... In the end, though, nobody showed up."
If there is a bug in the kernel and nobody notices it, can we still flame Microsoft?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
NOBODY showed up? I would think having a high Sardonix rating would be a nice piece of "hacker-street-cred", like a low /. ID number, or running Linux on a beowulf cluster of 286s.
You are not the customer.
What size tin-hat do you wear? You might want to try a larger size.
-- You see, there would be these conclusions that you could jump to
Tin is a bit expensive and difficult to find these days; I would recommend using aluminum foil.
Read, L
I didn't create an account on Slashdot until almost a year after I'd first started visiting and I have this horribly high UID to show for it. Who could have known that, years later, a low UID would be such a symbol of power, fear, and respect!
:-)
I'm glad I didn't have to say that in person; I couldn't possibly have kept a straight face.
A preposition is a terrible thing to end a sentence with.
How do you know that the NSA is only supporting Linux so that you will suspect them of malicious intent, therefore making it more likely that you will use FreeBSD, which the NSA actually has critical exploits for?
You've fallen right into their trap.
You've fallen victim to one of the classic blunders. The most famous is: never get involved in a land war in Asia.
But only slightly less well known is this: never go in against a Sicilian when (FreeBSD) death is on the line.
Who can blame the project for having failed, when it was named for the famous "stone of all bad" Sardonyx, i.e. Cthrag Sardius, the opposite of the Orb, or Cthrag Yaska?
Who 'led' the project, Ctuchik the Grolim High Priest?
------>
Ok, ok... I'm a dork. Read David Eddings' "Belgariad" and "Malloreon" though - they make for a great read.
1. Read some router code
2. Document all critical security vulnerabilities
3. Do not report any bugs
4. ???
5. Profit!
There you are, staring at me again.
Auditing is boring.
Don't forget we live in a world where people collect stamps.
"It's too bad that stupidity isn't painful." - Anton LaVey