Slashdot Mirror


DoD team nears Security Validation of OpenSSL

tadelste writes "An important DoD program took a page from Open Source and Do-It-Yourself-IT (DIYIT) and applied for their own Security Validation. In this article Steve Marquess says: as a taxpayer, I felt very annoyed. But it made me realize a couple of things. First, if OpenSSL had been validated, then it was possible for us to do it again. Secondly, if we could do it we could save a lot of money for the program."

2 of 109 comments

  1. Govt saving money? OMG! by SoTuA · Score: 5, Insightful
    Nice to see somebody put a bit of sense in govt. spending. Why license for thousands what you can get for free? Go OpenSSL!

    BTW, this shows some of the GPL-camp fears: Too-free (as in BSD) code packaged into proprietary apps... some people will not realize they can get the exact same code for free.

    (the debate on "in licensing from private outfit you are paying for support of that free code" is left to the reader ;)

  2. Summary misleading by pavon · Score: 5, Informative

    That summary is potentially misleading because it leaves out the reason why he was annoyed. Here is the whole paragraph:

    Because OpenSSL has a BSD-style license, many vendors simply grabbed the source code and incorporated it into their proprietary products. Those vendors wanted literally hundreds of thousands of dollars in licensing fees. As Steve attests, "as a taxpayer, I felt very annoyed. But it made me realize a couple of things. First, if OpenSSL had been validated, then it was possible for us to do it again. Secondly, if we could do it we could save a lot of money for the program."

    So he was annoyed at vendors who he thought were ripping the government off, not at the wastefulness of the government auditing OpenSSL as I read the summary to say.