01.22.08


DHS And Open Source Community Fix Over 7,800 Bugs

By Dan Morrill

Backed by a 300,000 dollar grant, over 7,826 flaws and security bugs in over 250 open source projects have been identified and fixed.

The collaboration between the Department of Homeland Security, Coverity and the open source community has been a very large success, with some obvious benefits to both users and makers of open source software.

This kind of project is worth every single tax dollar spent on it; the surprising part is just how little money has been spent compared with the gains that have been made.

All the software scrutinized was found to have significant numbers of security flaws, Coverity said on Wednesday. Since 2006 the project has helped fix 7,826 open source flaws in 250 projects, out of 50 million lines of code scanned, the company said. Source: PC World

These kinds of projects have obvious benefits beyond the territorial silos of open and closed source.

Closed source is also checked for security bugs and configuration issues (check out the NSA web site).

Adding this capability to find and fix bugs in open source code cannot help but make the software that runs a good majority of the internet and internet applications safer in the longer run.

The problem is going to come up if Congress does not continue funding for these kinds of projects, but in terms of return on investment, the government paid about .006 of a cent per line of code, and about 38.33 dollars per bug.

By comparison, a hack attack at a company because of a flaw can easily number in the 100,000's of dollars, if not millions, in lost productivity, clean up, forensics,

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
