Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Application/Web Development
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Sidebar: DHS Funds Effort to Find Flaws in Open-Source

By Jaikumar Vijayan
January 16, 2006 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - The U.S. Department of Homeland Security is funding a $1.24 million project that is designed to improve the security of open-source software.
The plans calls for source-code analysis vendor Coverity Inc. and Stanford University to build and maintain a publicly available database of the bugs they find in more than 40 open-source technologies, including Linux, FreeBSD, Apache, Mozilla and MySQL.
San Francisco-based Coverity said the database will include information gathered from automated daily scans of the open-source software using its Prevent code-analysis tool. Registered users should be able to access the database from Coverity's Web site starting in about three months. Security vendor Symantec Corp. will help analyze the results of the scans. Stanford will get $841,276 from the DHS over the next three years, while Coverity and Symantec will receive $297,000 and $100,000, respectively.
Dawson Engler, a computer science professor at Stanford, said the DHS's Open Source Hardening Project should produce a more formal approach for finding bugs in open-source code.
"The commercial side is using all the automated tools they can to find bugs in their products," he said. "You don't see the same kind of effort on the open-source side."
The goal is twofold, said Rob Rachwald, director of marketing at Coverity. First, government officials are "seeing an increased use of open-source, and they want to harden the code," Rachwald said. Second, he added, the data-base is designed to give the open-source community improved access to bug information so developers can make the products they're working on more secure.



Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

The High Performance Workplace
In this paper we examine the challenges and define the critical steps CFOs, CIOs, COOs and CEOs, in midsized global companies, can take...  

How to Reduce Eclipse BIRT Development Effort for Data Visualizations
Web applications can come with a long list of visualization requirements for structured data. By delivering your output through the BIRT Interactive Viewer,...

Extend, Replace, or Convert; which is the best way forward for COBOL Applications?
There are a number of choices when looking at ways to take existing COBOL applications forward. This white paper discusses the most common...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends
Why are smart companies choosing software-as-a-service? Find out in the complimentary Forrester Research report...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

All White Papers | All Webcasts

Computerworld Reports

Sold on SOA

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

All Computerworld Reports
 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.