DARPA-Funded Linux Security Hub Withers
mAriuZ writes "Initially funded by a grant from the Pentagon's DARPA, the Sardonix project aspired to replace the Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom. As conceived by Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined, and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. ... In the end, though, nobody showed up."
Well, maybe they needed a little more exposure, eh?
I'm a sysadmin that secures plenty of mission-critical Linux (and FreeBSD) boxes, and I *thought* I kept on top of all the security news, I'd never heard of this project!
Oh well! Try try again...
It does seem to be a thankless task. For a new guy on a project, criticizing the leaders' work doesn't seem a good way to gain influence. For an old contributor, you might feel compelled to add functionality the userbase is demanding.
Interestingly, the OpenBSD project has put a lot of effort into auditing, and they also have a reputation of being somewhat, um, "grouchy". I wonder if there's some correlation?
They should have a volunteer review process to catch spelling mistakes...
One line blog. I hear that they're called Twitters now.