Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Government Studies Open Source Quality

Posted by ryuzaki0 on from the prefer-just-to-stay-off-of-dhs-radar dept.

anadgouda writes "US Department of Homeland Security has released a report on open source quality in an effort to study the security of open source. 31 popular open source packages were studied as part of this effort. From the article: 'Coverity's report, Stacking up the LAMP stack: a study of open source quality, was produced as part of a $1.24m, three-year DHS Science and Technology Directorate effort to evaluate and improve the security of open source.'"

15 of 165 comments (clear)

  1. So, by Eightyford · · Score: 4, Interesting

    So, does anyone have the numbers as to how much of the government uses open source? Is it mostly an applications thing (OpenOffice) right now, or are Linux and the BSDs much in use?

    --
    Religion for nerds. Stuff that really matters
    1. Re:So, by egypt_jimbob · · Score: 4, Interesting

      Speaking as a student about to graduate and go into Federal Civil Service as a penetration tester, I can tell you that all of the agencies with which I have interviewed use mostly Linux. Well, all of the agencies that are actually good at what I want to do.

      So far it's been mostly gentoo from what i've seen, but there are some places that have to use RedHat because their management said it has to have 'support.'

      Bear in mind, however, that the places i'm interviewing are hardcore hacker groups, so this may be (and probably is) completely off the norm.

      --
      I am a leaf on the wind. Watch how I soar.
  2. Evaluate and Improve by Jeremy.DeGroot · · Score: 5, Insightful
    I think it's great that the government is backing this kind of study, and I think the the high marks a lot of packages received will really be a boon to the OSS movement. I think the part of TFA that excites me the most though, is this:
    Coverity evaluated 15m lines of open source code with Stamford University's Computer Science Department. The report has identified bugs that can corrupt a machine's memory space, memory leaks, buffer overruns and crashes. Coverity said it would now engage with open source developers to improve code, and identify potential reasons for why some projects have more bugs than others.
    If they're going to take their comments back to the communities that develop the software, then this could give the development communities a lot to work on and improve, and that could give us some greatly improved software in a year or two's time. I think work like this is the real strength of Open Source, and I hope to see more of it in the future.
  3. So they submitted Bugs, Right? by BigBuckHunter · · Score: 5, Interesting

    This study would be extremely valuable if they had submitted BZilla bugs for each and every defect they encountered. It's hard to tell from the article whether they did or not. One thing that I have learned from running ~arch in Gentoo is that if you don't submit bugs, things aren't going to get fixed.

    BBH

    1. Re:So they submitted Bugs, Right? by Too+many+errors,+bai · · Score: 4, Funny

      If these packages are used within the government, the security holes discovered are probably kept secret. National security and all that.

  4. Their findings are as follows by Mancat · · Score: 4, Funny

    Open-source software is a serious threat to this country. These terrorist schemes, or "development projects," as the terrorists refer to them, are designed to rot away the core values of our great nation that we hold so dearly. One in particular, known as "Linux," is especially suspect. It is "developed" by terrorists worldwide, many of which are communists, and many of which do not even support our great commander in chief! It is apalling! How can we trust the security of our nation to these rogue "developers?" Surely they may have hidden devices in their programs, hidden in elaborate matrices of computer programming, that when activated by the terrorists, will disable the software and send them all of our secret data! It can only be expected.

    The terrorists are cunning, they are secretive, and they will destroy us if they have their way. This world-wide "open source" terrorist movement must be deconstructed and eliminated. There is no other way to protect our Great Nation! We say to you, as the purveyors of truth and all that is good, avoid this "open source" and its proponents like the plague! They wish to destroy everything we hold dear. You, my good American, are the first line of defense. Report users of "open source" to the authorities. Gather any information on them that you can. You may even consider running their dastardly "software packages" in your own free time, so that you may come to know your enemy - for knowledge is the greatest tool that we have in this fight.

    Stand proud, my fellow Americans, and beware this new emerging beast. It will surely be the end of us all if we do not take action now.

    Quoted from President George W. Bush's State of the Nation Address, January 2007.

    --
    hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?
  5. Where's the report? by boa13 · · Score: 4, Insightful

    One would expect that being about open-source and all, and with a purpose of helping open-source developers improve the quality of their code, they would publish the report on a governement website somewhere. C'mon, where's the link?

  6. stanford will keep the database public... by hihihihi · · Score: 5, Informative

    the report have a better coverage on this page: http://www.eweek.com/article2/0,1895,1909946,00.as p

    from this TFA:
    "Anti-virus vendor Symantec Corp. is providing guidance as to where security gaps might be in certain open-source projects."

    PS:i am not sure if it has been published on /. or not

    --
    everyone downmodding this post will be prosecuted for reading my post without first buying a license!!!
  7. Meaningless categorization by sreekotay · · Score: 4, Insightful

    I've always thought it VERY odd to think about "Open Source" as a thing.

    It'd be like saying: We studied the quality of software compiled with the Watcom 10.0 C++ compiler. "Open source" cuts across so many levels of skill and projects. You can pretty find projects that support (or destroy) whatever thesis you'd like to put forward

    Even more, somebody pays for the development of the software, one way or another.

    This artlice (from ONLamp) http://www.onlamp.com/pub/a/onlamp/2005/07/21/soft ware_pricing.html really puts into better perspective. Basically, it says ALL software can be deconstructed to being about the service (at least so long as the technology curve continues, in practice, to limit its lifespan).

    --
    graphicallyspeaking

    --
    graphically speaking
  8. MOD PARENT DOWN by Anonymous Coward · · Score: 4, Funny

    The parent is wasting valuable time on Slashdot that should be spent finalizing his Independent Study project for the College of Wooster. He has precious little time left.

  9. Yes by jascat · · Score: 5, Interesting

    While not used on every desktop, I know of a lot of F/OSS being used everyday in the military. It would be stupid to not use it. Why would companies like Redhat and Novell spend money on getting their software certified to run on classified systems if it wasn't going to get used? While we may be selling out to Microsoft a lot, there are times when those of us who know better manage to convince the decision makers of the right tool for the job. In some cases, it's a MS product, in others, it's something else.

  10. Open Source Software: Opportunities and Challenges by Old+Duck · · Score: 5, Informative

    An interesting study was done by the U.S. Military (the Airforce, I believe) concerning Open Source and it's place in the department of defense, though it is written in such a way to be useful to non-military personnel and applications. It is a similar, yet IMHO, a more interesting read than the parent.

    The report can be found as a PDF at http://www.stsc.hill.af.mil/crosstalk/2005/01/0501 Tuma.pdf

    --
    There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy.
  11. superb! by macsox · · Score: 4, Funny

    if there is one group of people i trust to be able to accurately identify a quality product, it's the government.

    --
    go get it
  12. Re:money? by BeanThere · · Score: 4, Insightful

    And I wonder how many more millions they can now save by using OSS, now that they know they can be more confident in its quality? Have you ever heard of the word "investment"?

  13. Navy Replaced Sun with Yellow Dog Linux ... by AHumbleOpinion · · Score: 4, Interesting

    The US Navy replaced Sun with Yellow Dog Linux, originally on Apple hardware and now on some other PowerPC based hardware, for sonar processing on subs.