Why?

Story: US $1.24m grant for Open Source security
Total Replies: 2
salparadise

Jan 12, 2006
12:20 AM EDT
Implication being, unless the corporations step in, Open Source can never be properly secure? Implication being that compared to Microsoft, Linux is a hobbyist's toy that needs toughening up before it can compete?

Surely, it should be open source projects being awarded money by the government to study Microsoft code to see if it can be made fit for use.
Bob_Robertson

Jan 12, 2006
5:04 AM EDT
I think you're seeing malice where it's really just random chance. Someone at Stanford wrote a proposal and got some government money for their pet project, not the other way around.

Consider just how much money is being thrown around by DHS. Throw enough poop into the air, some might fall where it will do some good.

Also keep in mind "bureaucratic management". Unless they use up all the money in the budget, they won't get as much money next year. Toward the end of the fiscal year, government agencies spend money on everything no matter how trivial or pointless. Like Microsoft upgrades.

Lastly, F/OSS is voluntary. Even the National Security Agency has made contributions to Linux security that are useful and effective. I'm not going to tell them they can't come to the ball, that would make me the bad guy.
justme

Jan 12, 2006
7:40 AM EDT
While not as skeptical as sal, I do have some pins to poke into this balloon. When you read the article, you find out that Coverity is being paid to run their analysis software daily against a raft of open-source projects, and then post the results on the internet. Fine so far, but it seems that:

- The grant is not paying for writing patches to the audited projects.
- The grant is not paying for writing open source code to help projects audit themselves.
- The grant is not paying for developers with expertise in these projects to audit code manually.
- The grant is not paying for coordination between Coverity and the project maintainers.

About the only good news I can see is that Coverity will now let people view the audit results for free. And that DHS recognizes the importance of open source to information security -- even if just a little bit.
