Slashdot Mirror


EU To Give Free Security Audits To Apache HTTP Server and KeePass (softpedia.com)

An anonymous reader writes: The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects. The two projects were selected following a public survey that included several open-source projects deemed important for both the EU agencies and the wide public.

The actual security audit will be carried out by employees of the IT departments at the European Commission and the European Parliament. This is only a test pilot program that's funded until the end of the year, but the EU said it would be looking for funding to continue it past its expiration date in December 2016.

7 of 67 comments

  1. Nothing is free by Anonymous Coward · · Score: 3, Insightful

    EU to give taxpayer funded security audits.

    1. Re:Nothing is free by Anonymous Coward · · Score: 4, Insightful

      The EU has to rely on KeePass and Apache for their IT infrastructure. They should be doing these audits anyway. The only news is that the EU taxpayers get back the results to the people paying for them whilst other governments give them for free to their corporate buddies to sell back to the taxpayers with margin.

    2. Re:Nothing is free by drnb · · Score: 3, Insightful

      The EU has to rely on KeePass and Apache for their IT infrastructure. They should be doing these audits anyway. The only news is that the EU taxpayers get back the results to the people paying for them whilst other governments give them for free to their corporate buddies to sell back to the taxpayers with margin.

      And if the EU simply funded EU University security researchers to do the audit that would not benefit EU citizens? Benefit EU citizens in more ways than simply having the audit performed? This is merely about growing staff and fiefdom, typical bureaucracy.

  2. Re:IT of Commission and Parliament, not University by drnb · · Score: 3, Insightful

    Public IT is definitely who should not be responsible for this kind of testing

    Absolutely, private IT should do it, in particular Hillary's private IT. After all there is no evidence they were ever hacked. :-)

  3. Re:IT of Commission and Parliament, not University by Anonymous Coward · · Score: 2, Insightful

    Absolutely, private IT should do it, in particular Hillary's private IT. After all there is no evidence they were ever hacked.

    I hacked her server. I know, it's hard to believe, right?
    But here's the proof:

    I found an email that said, "I let Benghazi happen because I hated them. Let them die."
    Then another one, "Top security? I personally mail these things to Putin, I'm such an evil person."
    Then another one, "I love Bill."
    Then, "Hey Don, let's get this plan started. I can't lose with you running!" Not sure who Don is, probably Knuth. I heard he was a track star or something.

    There it is. I hacked Hillary's server and gave you the proof. If you don't believe me, it's because you're one of the sheep.

  4. Re:As if every government on the planet... by sumdumass · · Score: 1, Insightful

    They want to certify it as safe and secure then tell England that they cannot use this validation because they left the EU. Instead England will have to use the version that is identical but not as safe because it won't have the stamp on the box.

    Seriously though. It sounds like maybe they are trying to look important and beneficial to remaining members to avoid another exit push gaining momentum.

  5. Re:Quit the bashing by Anonymous Coward · · Score: 2, Insightful

    I'm an American, and I too think this is fantastic. OpenSSL has shown us that lax security in open source projects can have widespread disastrous consequences. I also use and love KeePass. Bring on the audits!