DHS’s Vulnerability Discovery and Remediation Open Source Hardening Project

Also from GCN:

The Homeland Security Department has procured a bug testing service for popular open-source programs, one that will submit applications such as Apache and MySQL to a level of scrutiny enjoyed by many commercial software providers.

Open-source project leaders could use these results to fix software defects, while agency and critical infrastructure IT shops could monitor them to evaluate or take corrective action on applications.

This is a collaborative effort between Coverity, Stanford, and Symantec. It’s great to see DHS applying some effort to hardening open source tools. My main observation here, though, is that this project forces open source tools to endure a greater level of scrutiny than commercial products. Commercial software vendors generally reveal security vulnerabilities only when they have to, unlike open source communities, which are compelled to discuss problems and solutions in an open forum. Perhaps, then, it’s time for DHS to start a “hardening project” for commercial products, too.

