[funsec] DHS Funds Open-Source Security Project
gary at intrepid.com
Mon Mar 6 00:48:38 CST 2006
[This is likely old news; however, there was a recent sighting on the GCC list,
where the CEO of Coverity mentions that they'd like to include
GCC in their study of software defects.]
DHS Funds Open-Source Security Project
January 11, 2006
By Ryan Naraine

The U.S. government's Department of Homeland Security plans to spend $1.24
million over three years to fund an ambitious software auditing project
aimed at beefing up the security and reliability of several widely deployed

The grant, called the "Vulnerability Discovery and Remediation Open Source
Hardening Project," is part of a broad federal initiative to perform daily
security audits of approximately 40 open-source software packages, including
Linux, Apache, MySQL and Sendmail.

The plan is to use source code analysis technology from San Francisco-based
Coverity Inc. to pinpoint and correct security vulnerabilities and other
potentially dangerous defects in key open-source packages.

Software engineers at Stanford University will manage the project and
maintain a publicly available database of bugs and defects.

Anti-virus vendor Symantec Corp. is providing guidance as to where security
gaps might be in certain open-source projects.