Slashdot Mirror


US Homeland Security to Support Open Source

An anonymous reader writes "CNET is reporting that the US Department of Homeland Security is extending its support to open source software. The DHS will be giving Stanford University, Coverity, and Symantec a $1.24 million grant to improve the security of open source software. From the article: 'The Homeland Security Department grant will be paid over a three-year period, with $841,276 going to Stanford, $297,000 to Coverity and $100,000 to Symantec, according to San Francisco-based technology provider Coverity, which plans to announce the award publicly on Wednesday.' It's nice that our tax dollars are being used for the right stuff."

5 of 186 comments

  1. Symantec? by Anonymous Coward · · Score: 5, Insightful

    Symantec? Open source?? Where?!

    1. Re:Symantec? by killmenow · · Score: 4, Insightful
      I'll add to this...
      The DHS will be giving Stanford University, Coverity, and Symantec a $1.24 million grant to improve the security of open source software.
      I fail to see how giving Symantec money will improve the security of anything unless we're talking about securities...as in Symantec stock. Once upon a time the name Norton prepended was a good sign. I am not trying to troll or incite flames, but I find Symantec (and McAfee for that matter) sorely wanting these days. I would be leery of running anything with their name attached to it on one of my boxes.

      At least they only get $100,000 and the bulk goes to Stanford.
  2. Looks like someone has a well-placed friend by 2Bits · · Score: 4, Insightful

    Ok, so this is a grant. Does it mean that any software developed as a result of this grant will be open-sourced, and publicly available to all, free of charge? If not (and everything indicates that it won't be), I'd say, someone has a well-placed friend and got free money to develop their own proprietary software. Yeah, it will scan major open source software, and yeah, the database will be public (?), but then the tools from the grant money are still proprietary.

    I thought only China has a "guanxi" problem?

  3. Re:Err wait a second. by kfg · · Score: 4, Insightful

    Where's the conspiracy here?

    Wait for it, wait for it!

    Is it a good thing that DHS is supporting open source?

    They are not supporting open source. They are supporting commercial code which can be applied against open source code.

    The open source developers and their code base are left to go scratch.

    KFG

  4. Want to Improve OSS Security? by Greyfox · · Score: 5, Insightful
    Start up the old auditing program again. Source code auditing is boring work, but another set of eyes going over the code with security in mind really does help a lot. Just go down every function in the C library and work your way out to common daemons and system utilities that usually run setuid. Maybe spend some quality time with common tools that access the internet like Firefox, email clients, etc. Just read each function looking for buffer overflows and other ways it might be compromised, document what you find, write a test to try to crash it, submit patches to the original authors and publish your findings and tests on the web somewhere. That leaves you with a full set of security regression tests for every product you look at.

    A team of 4-5 people could probably finish off the C standard library in a matter of months and make good progress on the more common daemons that are often run on Linux systems (BIND, Apache, the various mail servers, etc.) in the span of a year. The money DHS is spending on this would be more than enough to hire a team that size for a year to work on that.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?