[funsec] DHS Funds Open-Source Security Project

Gary Funck gary at intrepid.com
Mon Mar 6 00:48:38 CST 2006

[This is likely old news; however, there was a recent sighting on the GCC
list, where the CEO of Coverity mentions that they'd like to include GCC in
their study of software defects.]


DHS Funds Open-Source Security Project
January 11, 2006

By Ryan Naraine
The U.S. government's Department of Homeland Security plans to spend $1.24
million over three years to fund an ambitious software auditing project
aimed at beefing up the security and reliability of several widely deployed
open-source products.
The grant, called the "Vulnerability Discovery and Remediation Open Source
Hardening Project," is part of a broad federal initiative to perform daily
security audits of approximately 40 open-source software packages, including
Linux, Apache, MySQL and Sendmail.

The plan is to use source code analysis technology from San Francisco-based
Coverity Inc. to pinpoint and correct security vulnerabilities and other
potentially dangerous defects in key open-source packages.

Software engineers at Stanford University will manage the project and
maintain a publicly available database of bugs and defects.

Anti-virus vendor Symantec Corp. is providing guidance as to where security
gaps might be in certain open-source projects.