DHS And Open Source Community Fix Over 7,800 Bugs
By Dan Morrill
Article Date: 2008-01-21
With a 300,000 dollar grant, over 7,826 flaws and security bugs in over 250 open source projects have been identified and fixed.
The collaboration between the Department of Homeland Security, Coverity and the open source community has been a very large success, with some obvious benefits to both users and makers of open source software.
This kind of project is worth every single tax dollar spent on it; the surprising part is just how little money has been spent against the gains that have been made.
All the software scrutinized was found to have significant numbers of security flaws, Coverity said on Wednesday. Since 2006 the project has helped fix 7,826 open source flaws in 250 projects, out of 50 million lines of code scanned, the company said. Source: PC World
These kinds of projects have obvious benefits beyond the territorial silos of open and closed source.
Closed source is also checked for security bugs and configuration issues (check out the NSA web site).
Adding this capability to find and fix bugs in open source code cannot but help make the software that runs a good majority of the internet and internet applications safer in the longer run.
The problem is going to come up if Congress does not continue funding for these kinds of projects, but in terms of return on investment, the government paid about .006 of a cent per line of code, and about 38.33 dollars per bug.
By comparison, a hack attack at a company because of a flaw can easily number in the 100,000's of dollars, if not millions, in lost productivity, clean up, forensics,
About the Author: Dan Morrill has been in the information security field for 18 years, both
civilian and military, and is currently working on his Doctor of Management.
Dan shares his insights on the important security issues of today through
his blog, Managing
Intellectual Property & IT Security, and is an active participant in the
ITtoolbox blogging community.