Slashdot Mirror


EU To Give Free Security Audits To Apache HTTP Server and KeePass (softpedia.com)

An anonymous reader writes: The European Commission announced on Wednesday that its IT engineers would provide a free security audit for the Apache HTTP Server and KeePass projects. The two projects were selected following a public survey that included several open-source projects deemed important for both the EU agencies and the wide public.

The actual security audit will be carried out by employees of the IT departments at the European Commission and the European Parliament. This is only a test pilot program that's funded until the end of the year, but the EU said it would be looking for funding to continue it past its expiration date in December 2016.

6 of 67 comments

  1. Nothing is free by Anonymous Coward · Score: 3, Insightful

    EU to give taxpayer funded security audits.

    1. Re:Nothing is free by Anonymous Coward · Score: 5, Funny

      I get free hourly security audits of my servers from the Chinese and Russian governments.

    2. Re:Nothing is free by Anonymous Coward · Score: 4, Insightful

      The EU has to rely on KeePass and Apache for their IT infrastructure. They should be doing these audits anyway. The only news is that the EU taxpayers get back the results to the people paying for them whilst other governments give them for free on to their corporate buddies to sell back to the taxpayers with margin.

    3. Re:Nothing is free by drnb · Score: 3, Insightful

      The EU has to rely on KeePass and Apache for their IT infrastructure. They should be doing these audits anyway. The only news is that the EU taxpayers get back the results to the people paying for them whilst other governments give them for free on to their corporate buddies to sell back to the taxpayers with margin.

      And if the EU simply funded EU University security researchers to do the audit that would not benefit EU citizens? Benefit EU citizens in more ways than simply having the audit performed? This is merely about growing staff and fiefdom, typical bureaucracy.

  2. Re:IT of Commission and Parliament, not University by drnb · Score: 3, Insightful

    Public IT is definitely who should not be responsible for this kind of testing

    Absolutely, private IT should do it, in particular Hillary's private IT. After all there is no evidence they were ever hacked. :-)

  3. Quit the bashing by lbalbalba · Score: 5, Interesting

    Hey, I'm a European, and I welcome this. Apache is widely used, and its security is for the common good. At the very least, this is a step in the right direction. The only downside I can think of is that Apache is already heavily scrutinized by both static analyzers and 'real human being' audits, so this particular choice may be of limited use. Still, a major step forward in my opinion.