Security certification for open-source projects

Under a contract from the Department of Homeland Security, open-source projects are being certified for security.

An excerpt from TechWorld:

The programme, called the Open Source Hardening Project, is sponsored by the DHS and carried out by Coverity and Stanford University. Launched in March 2006, the $300,000 project was initially launched to review the code of 180 open-source software projects frequently used by developers of government Web sites and application developers.

Coverity, a maker of autonomous source code analysis tools, and Stanford University have been collaborating on the project that has helped unearth thousands of flaws in more than 200 open-source projects.

Coverity assigns the projects a certification level based on the extent to which the code is secured. Recently, 11 open-source projects were moved to Rung 2 of the security certification.

Considering the traction that open source has gained in the developer community, such certification is indeed great news.

More information:

Federal aid helps uncover open source flaws (Search Security)

Homeland Security helps secure open-source code (News.com)

2 comments
Michael Kassner

I certainly hope that DHS has little to say about it. It seems that they cannot even get their own house in order when it pertains to security. They still get bad marks every year for security. http://government.zdnet.com/?p=3070

Neon Samurai

It seems they've been a sponsoring body rather than an administrative body in this project. They've left the heavy work up to the source analysis experts and the smart University types. Hopefully keeping it all out in the open (no pun intended.. ok a little) helps calm the conspiracy theorists too.
