Homeland Security springs $1.24 million for open source software

By Justin Mann on January 13, 2006, 1:24 PM
Not everyone is completely satisfied with the growth in use of open source software. The U.S. Department of Homeland Security is apparently concerned enough about security that it wants things fixed, to the tune of a $1.24 million grant to various institutions such as Stanford University, which will be receiving the bulk of the money, and, interestingly enough, Symantec Corp. The grant is to promote development and improvement of OSS in general, though throwing money at things doesn't always get them done better. However, at least the concern is there, with security being perhaps the most important topic for the Internet today.

"The DHS is realizing that more and more of our nation's critical software infrastructure is being run on top of open source," Coverity Vice President for Marketing and Business Development David Park told LinuxInsider. "There's a feeling that there must be a hardening of these software projects to make them more reliable and secure," he said.
Coverity will be doing code audits of some very popular software, such as the world's most widely used web server, Apache, the infamous Firefox, OpenSSH, OpenVPN, Samba, MySQL and others. Some have taken exception to how the DHS is choosing to divvy up its funding. However, one thing is for sure: the further development of free, secure software is important to many. It will be interesting to see how this impacts the future of the software being targeted.




User Comments: 15

PanicX said:
[b]Quote from Engler at Coverity:[/b][quote]the computer security firm (Symantec) will be working with Coverity "on market validation and some intelligence on what customers want and don't want in terms of security stuff."[/quote] Oh god please keep Symantec away from my web server. I really don't see what a $100,000 grant to Symantec can cover over a 3 year period. That's not even enough to cover the wages of a single [url=http://swz.salary.com/salarywizard/layoutscripts/swzl_cmpresult.asp?narrowdesc=&jobaltername=Programmer+I&state=&obcode=IT10000010&statecode=&jobtitle=Programmer+I&narrowcde=IT05&metrocode=&geo=U.S.+National+Averages&narrowdesc=I+--+Computers%2C+Software&pagenumber=1&zipcode=&searchpage&searchtype=&isswzupdateoptin=1&isjswupdateoptin=1&isnewsotin=1&signupemail=Enter+e-mail+address&choosesignup=0]cheap programmer[/url]. Otherwise, I have to applaud DHS in recognizing the threat that Information Technology poses at an economic standpoint and actually putting forth an effort to make a difference.
PUTALE said:
Hehehe, yeah, Symantec has not been the best for a while now. They used to be the best and good but it's just getting too buggy and such (kinda like MS :)). It's interesting to see that a lot of security and companies are shifting toward Linux and open source. I don't know,
flavin said:
I'd think that the GOVT would have top computer people making their files unhackable every day & every second. Personally I think that the DHS would have more important things to spend that money on to keep the American people safe. And maybe they should keep all the really really important stuff on a computer disconnected from the internet and mail disks through the real mail or something like that off the net.
Race said:
It's at least a little comforting to know that the DHS is concerned about OSS, but I too have to wonder how far this relatively small grant can go... and doesn't the mere fact that software is open source make it more vulnerable when it comes to the bad guys, or am I wrong on this? Also... at this point, I have to cut Symantec a bit of slack... at least they've been actively involved in assisting with various security issues, and correcting some of their own mistakes. When you think about it, the DHS has an unbelievably daunting task in what they're trying to accomplish. What they're doing here is just a very small part of their goals to try and keep America safe.
PanicX said:
[b]Originally posted by Race:[/b][quote]....and doesn't the mere fact that software is open source make it more vulnerable when it comes to the bad guys, or am I wrong on this?[/quote] There's a trade-off with both approaches to software security. Security through obscurity (closed source) is much like a chameleon's camouflage: since you can't really see him, you're likely to pass him by and not notice his vulnerable position. However, if you develop a means to find him, say scent or heat, then you're bound to find his vulnerable spots. Open source on the other hand is more like a flock of birds: since there's many eyes always watching, it's likely danger will be spotted before an attack happens; however, since all the birds are in the open, it's possible for a predator to snap up a straggler. Sorry, I'm in a metaphorical mood.
nathanskywalker said:
[b]Originally posted by PanicX:[/b][quote][b]Originally posted by Race:[/b][quote]....and doesn't the mere fact that software is open source make it more vulnerable when it comes to the bad guys, or am I wrong on this?[/quote] There's a trade-off with both approaches to software security. Security through obscurity (closed source) is much like a chameleon's camouflage: since you can't really see him, you're likely to pass him by and not notice his vulnerable position. However, if you develop a means to find him, say scent or heat, then you're bound to find his vulnerable spots. Open source on the other hand is more like a flock of birds: since there's many eyes always watching, it's likely danger will be spotted before an attack happens; however, since all the birds are in the open, it's possible for a predator to snap up a straggler. Sorry, I'm in a metaphorical mood.[/quote] Nicely put.
MonkeyMan said:
Well, the UK is thinking about switching to open source software, and getting rid of Microsoft. Can you believe that? hmmm, I would just like to say that Symantec Corp, is on the verge of self termination. They are now labeled, as being the worst distributor of security software. Good luck Symantec, I hope you iron out all of your bugs. On another note, I commend the DHS for at least attempting to help the situation. 1.24 million dollars won't change the software to perfection, but it will nonetheless make a difference. Thanks DHS, I guess our government isn't as bad as everyone would like to think? You've got to love politics lol.
fury said:
Open source software isn't just a concept, it's a way of life. If the DHS is truly concerned over the security of computer software (as we all should be) then they should have their people start contributing to OSS rather than trying to throw money at the problem. It's like saying to your kid, "Hey, son (or daughter), I know you have screwed up morals and you're doing drugs and all that, but here have $20,000...go get yourself a good rehab program and put yourself through a couple college classes."
exscind said:
$100,000 to Symantec isn't even enough to buy them toilet papers, I don't see why the Department of Homeland Security even bothered with Symantec. At least the bulk of the grant, $841,276, is going to Stanford University. Those crazy smart people will probably be more reliable than Symantec anyway. It's good that the DHS is aware of the importance of open source, and is willing to do something about it; however, I don't agree with the action - namely the grant. $1.24 million really isn't that much to fund a project like this, especially when the DHS split the grant 3-way.
yoyomama said:
[quote]I'd think that the GOVT would have top computer people making their files unhackable every day & every second. Personally I think that the DHS would have more important things to spend that money on to keep the American people safe.[/quote] I doubt that USD$ (1.24 x 10^6) means anything when compared to the annual budget of the DHS over the next 3 years. If you consider how the internet has become such an integral part of everyday productivity for [b]businesses[/b], [b]educational institutions[/b], [b]90% of the developing world[/b], etc., it no longer seems like a waste of time. In fact, one could argue that it would be in their best interests to invest even more into open source security (especially factoring the lost time/$$ due to down time). [quote]And maybe they should keep all the really really important stuff on a computer disconnected from the internet and mail disks through the real mail or something like that off the net[/quote] Snail-mailing important and large documents that need to be read/modified ASAP isn't the most efficient way of working.
yoyomama said:
[b]Originally posted by fury:[/b][quote]Open source software isn't just a concept, it's a way of life. If the DHS is truly concerned over the security of computer software (as we all should be) then they should have their people start contributing to OSS rather than trying to throw money at the problem. It's like saying to your kid, "Hey, son (or daughter), I know you have screwed up morals and you're doing drugs and all that, but here have $20,000...go get yourself a good rehab program and put yourself through a couple college classes."[/quote] Quoted for truth. I agree with pretty much everything you said, although I wouldn't call open source a way of life per se. To some it just means saving a bit of cash that can be spent elsewhere. It's not the best they can do but at least it still underscores just how far open source has come. Change is always a slow process, but at least the wheels are in motion. Things will only get better.
cyrax said:
Well it looks like H.S. is looking to poke their influence into everything that goes on. Even I don't think Microsoft is evil enough to be manipulating events like this. The open source community should be on their guard.
MonkeyMan said:
This sounds like communism doesn't it? Is the United States quietly changing its stance on democracy?
smtkr said:
I generally like anything that supports open source. I hate booting Windows (usually have to do it once a week because ***** team mates at uni are obsessed with Microsoft software). Anything that will keep me from booting into Windows is a good thing. However, I don't want my tax money funding it. Grrr.
mentaljedi said:
[b]Originally posted by PanicX:[/b][quote][b]Originally posted by Race:[/b][quote]....and doesn't the mere fact that software is open source make it more vulnerable when it comes to the bad guys, or am I wrong on this?[/quote] There's a trade-off with both approaches to software security. Security through obscurity (closed source) is much like a chameleon's camouflage: since you can't really see him, you're likely to pass him by and not notice his vulnerable position. However, if you develop a means to find him, say scent or heat, then you're bound to find his vulnerable spots. Open source on the other hand is more like a flock of birds: since there's many eyes always watching, it's likely danger will be spotted before an attack happens; however, since all the birds are in the open, it's possible for a predator to snap up a straggler. Sorry, I'm in a metaphorical mood.[/quote] Wow. I sort of zoned out when I read that. It's good that more money is being invested but it's not really enough I think.