Slashdot Mirror


US Government Studies Open Source Quality

anadgouda writes "US Department of Homeland Security has released a report on open source quality in an effort to study the security of open source. 31 popular open source packages were studied as part of this effort. From the article: 'Coverity's report, Stacking up the LAMP stack: a study of open source quality, was produced as part of a $1.24m, three-year DHS Science and Technology Directorate effort to evaluate and improve the security of open source.'"

3 of 165 comments

  1. Re:So they submitted Bugs, Right? by rs79 · · Score: 1, Flamebait

    I hope they looked at DJBDNS and QMAIL.

    All software should be that good.

    If they found bugs in Bind, I'm not interested in the rest of the report. That's just pork.

    --
    Need Mercedes parts ?
  2. OSS Security depends on people admitting a bug by Wayne_Knight · · Score: 0, Flamebait
    The honest answer is free software is NOT always the best solution for every problem, especially when it comes to security. I know that people are going to flame me but sometimes the best current solution is a closed source program.

    CAD is a good example. I have heard a lot of good things about a new open source CAD program but what if you have a lot of vendors that use Solidworks or Autodesk?

    Office is another good example. Many local and state governments have tried Applix or Star Office (now OpenOffice) for a few years. The day that they got rid of it and went to Office 2003 the county workers were more productive than ever. They had a terrible time with sending files to and getting files in Office format. I tried to convince them that it would improve and that they shouldn't sign away their life, but they needed something that would just work. For them, Windows XP and Office 2003 just worked.

    If you look at a lot of the government studies of who uses and gets the most benefit out of open source it tends to fall into two categories:
    1. REALLY BIG TECH COMPANIES. They have their own support and development staff and can contribute back to open source projects.
    2. Really tiny startups with a good techie or two. They are not big enough for the big vendors to care about. So the support they get for much of the open source tools is as good, or better than, what they get from big closed source vendors.
    In the middle you have a lot of medium companies that really don't want to manage software developers or handle support in house. I am all for open source but there are a lot of issues yet to be solved.
    1. Education. I can not take a course on Linux at my local Community College. I can get my MCSE or Cisco cert there.
    2. Support. I can make Linux work for me and my company but not every company can. Where is the Linux Geek Squad? Yea all those scan-disk, defrag, run adaware and scan for virus "techies" give me the creeps but they seem to fill a need. Where can the mythical grandmother go to get a DVD installed in her Linux box or find out how to fix Thunderbird if the mail folder blows up? I will not even go into the poor state of some documentation for open source programs.
    3. Teaching. If you are going to send people out into the real world as system administrators and/or programmers, they will have a better chance to find a job if they know Windows and Linux. Heck, they should know as many different systems like Z/OS and OS/400!
    In conclusion, open source security depends on people admitting that bugs exist. If they act all high-and-mighty, nothing happens and it's just as bad as whatever software product is out there nowadays that people just love to hate.
  3. What the hell are you talking about? by flyinwhitey · · Score: 0, Flamebait

    "The whole point of my post is that it's easy for good data to get lost in political debate."

    Then why did you bring up unrelated, useless, politically motivated points?

    No, it's obvious you were karma whoring, at least be a man and own up when you get caught.

    And save your protests, no one believes you.

    --
    How pathetic are you that you follow me from topic to topic and waste all your mod points at once modding me down?