Re: DHS Open Source Hardening Project

On Mon, 19 May 2008 20:15:15 -0700 Les H wrote:
> 
> On Mon, 2008-05-19 at 14:13 -0400, McGuffey, David C. wrote:
> > I understand that DHS is funding an effort to use commercial tools to
> > find bugs in open source software.  I guess the official name is
> > Vulnerability Discovery and Remediation, Open Source Hardening Project,
> > but the common handle seems to be simply Open Source Hardening Project.
> >
> > There was an interesting article at ZDnet...some pros and some cons:
> > http://news.zdnet.com/2100-1009_22-6025579.html
> >
> > Question...is the Fedora development community benefiting from this
> > effort?
> >
> > Dave McGuffey
>
> Did you look at the date of the article?
> 
> Regards,
> Les H 
> 
Yes, but it was mentioned at the 8th Software Assurance Forum two weeks
ago in and among several presentations concerning open software
security. So...apparently the program is still going on.

There were other presentations about automated tools that scan through
both source and compiled binaries looking for actual or potential
vulnerabilities.  In some cases the code is so complex that the tools
can only flag a block of code for further human review.  Seems that a
lot of effort is going into automated tools, because a significant
percentage of the attendees at the SWaF seems to believe that the
universities are doing a poor job of training software engineers, and
the "cost schedule" mantra of software development managers runs counter
to security.

My question remains...are the open source developers whose contributions
make it into Fedora benefiting from the DHS program or any of the other
tool development efforts?

Dave McGuffey
Principal Information System Security Engineer // NSA-IEM, NSA-IAM
SAIC, IISBU, Columbia, MD


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
