Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Government Studies Open Source Quality

Posted by ryuzaki0 on from the prefer-just-to-stay-off-of-dhs-radar dept.

anadgouda writes "US Department of Homeland Security has released a report on open source quality in an effort to study the security of open source. 31 popular open source packages were studied as part of this effort. From the article: 'Coverity's report, Stacking up the LAMP stack: a study of open source quality, was produced as part of a $1.24m, three-year DHS Science and Technology Directorate effort to evaluate and improve the security of open source.'"

5 of 165 comments (clear)

  1. Evaluate and Improve by Jeremy.DeGroot · · Score: 5, Insightful
    I think it's great that the government is backing this kind of study, and I think the the high marks a lot of packages received will really be a boon to the OSS movement. I think the part of TFA that excites me the most though, is this:
    Coverity evaluated 15m lines of open source code with Stamford University's Computer Science Department. The report has identified bugs that can corrupt a machine's memory space, memory leaks, buffer overruns and crashes. Coverity said it would now engage with open source developers to improve code, and identify potential reasons for why some projects have more bugs than others.
    If they're going to take their comments back to the communities that develop the software, then this could give the development communities a lot to work on and improve, and that could give us some greatly improved software in a year or two's time. I think work like this is the real strength of Open Source, and I hope to see more of it in the future.
  2. So they submitted Bugs, Right? by BigBuckHunter · · Score: 5, Interesting

    This study would be extremely valuable if they had submitted BZilla bugs for each and every defect they encountered. It's hard to tell from the article whether they did or not. One thing that I have learned from running ~arch in Gentoo is that if you don't submit bugs, things aren't going to get fixed.

    BBH

  3. stanford will keep the database public... by hihihihi · · Score: 5, Informative

    the report have a better coverage on this page: http://www.eweek.com/article2/0,1895,1909946,00.as p

    from this TFA:
    "Anti-virus vendor Symantec Corp. is providing guidance as to where security gaps might be in certain open-source projects."

    PS:i am not sure if it has been published on /. or not

    --
    everyone downmodding this post will be prosecuted for reading my post without first buying a license!!!
  4. Yes by jascat · · Score: 5, Interesting

    While not used on every desktop, I know of a lot of F/OSS being used everyday in the military. It would be stupid to not use it. Why would companies like Redhat and Novell spend money on getting their software certified to run on classified systems if it wasn't going to get used? While we may be selling out to Microsoft a lot, there are times when those of us who know better manage to convince the decision makers of the right tool for the job. In some cases, it's a MS product, in others, it's something else.

  5. Open Source Software: Opportunities and Challenges by Old+Duck · · Score: 5, Informative

    An interesting study was done by the U.S. Military (the Airforce, I believe) concerning Open Source and it's place in the department of defense, though it is written in such a way to be useful to non-military personnel and applications. It is a similar, yet IMHO, a more interesting read than the parent.

    The report can be found as a PDF at http://www.stsc.hill.af.mil/crosstalk/2005/01/0501 Tuma.pdf

    --
    There are more things in heaven and earth, Horatio, Than are dreamt of in your philosophy.