SAN FRANCISCO - May 20, 2008 - Coverity™, Inc., the leader in improving
software quality and security, today announced the availability of the Scan
Report on Open Source Software 2008. The Coverity Scan site was developed
with support from the U.S. Department of Homeland Security as part of the
federal government's 'Open Source Hardening Project.' The report is based on
2 years of analysis of more than 55 million lines of code on a recurring
basis from over 250 popular open source projects with Coverity Prevent™, the
industry-leading static source code analysis solution.
This project seems to be on the right track in improving open-source security. What do you think? Will this project make a big impact on code quality and security?
According to a report from code analysis vendor Coverity, the DHS sponsored effort has helped to reduce the defect density in 250 open source projects by 16 percent over the past two years. That defect reduction translates into the elimination of over 8,500 defects. The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure both in the government and in US enterprises.
From this article it looks like the US government is helping make open source more secure. What do you think about this after reading this article?
I am not aware of any other entity, group or idea that matches these five primary characteristics of the open source movement as exactly as terrorist organizations.
Read on for a two-in-one post from Linux Today - one post shows the "paper" that goes into detail into why the open source movement can be seen as terrorism, while the second post provides some rebuttals against the argument. Do you feel the article brings up any valid points? How would you respond to the author?
Security is more than just stopping attacks - it applies to society and police security as well. This tool is a forensic tracking tool that police forces in Australia have found useful for collecting information: The tool was developed by students from Edith Cowan University's School of Computing and Information Sciences and will help the Western Australian Police Computer Crime Squad process their forensic investigations.
Called Simple (for Simple Image Preview Live Environment), the software allows investigators to view and acquire forensic data at the scene of the crime without compromising the integrity of data as it is collected.
Source: SearchSecurity.com - Posted by Eckie Silapaswang
The initiative is a long-range plan to upgrade the security of the federal government's networks and comprises a number of separate proposals, most notably an overhaul and expansion of the government's intrusion detection system, known as Einstein. Currently, Einstein is simply a passive traffic-monitoring system that records basic data such as the originating IP address of a packet, its size and where the packet came from and where it is headed. But the data that the system captures is not analyzed in real time, so attacks and other anomalies aren't caught until well after the fact. And, Einstein is a voluntary program and is not in place at all of the federal agencies right now.
If there was one place where you'd think that security would be state-of-the-art and cutting edge, it would be our own federal government networks. I really don't see any necessary trade-off between "security" and "convenience" when it comes down to national security. What do you think a government IDS should have to set the benchmark for security?
The work is part of a U.S. government-backed project to harden open-source code.
"We applaud the developers responsible for the 11 open-source projects that have advanced to the second rung of code security and quality," said David Maxwell, open-source strategist for Coverity.
The Open Source Hardening Project, sponsored by the U.S. Department of Homeland Security, uses Coverity's Scan, which grades projects on a "ladder" according to their progress at fixing and preventing flaws.
This article talks about the Open Source Hardening Project, which was started in January 2006. It discusses the current plans for helping open source security.
Source: The Register - Posted by Eckie Silapaswang
When a person asks me what a benefit of Linux is (from a layman's point of view), I frequently quote its strength against spyware - basically how using Linux is like getting an inoculation shot against the worst they throw at Windows / IE users. Who wants to use an operating system where someone you don't even know is constantly monitoring you? In this article, the government has penalized a BitTorrent user by not only putting a monitoring bracelet on him, but they're forcing him to switch to Windows because "their monitoring software only works on Windows PCs". Read on to find out what his reaction is. Why not share your opinion on the matter? Is Linux just that good of a choice for internet browsing?
Source: Network World - Posted by Eckie Silapaswang
Because you make pens, pencils, or any other sharp objects that are capable of stabbing and killing, you are liable for producing weapons. This is the logic I see behind the German Anti-Hacker law which states that offenders are defined as any individual or group that intentionally creates, spreads or purchases hacker tools designed for illegal purposes.
These laws are based on a "judgement call" and can only hinder the process of security researchers in their perpetual quest of closing zero-day vulnerabilities. How do you feel about laws like this being passed?
"Standing at the center of this debate on how much security is enough are agency chief information security officers, who report to chief information officers." Join the debate. Do you think that if the government used Linux machines and tools more, it would help their security problems? It might come down to ease of use vs. security.
Source: Light Blue Touchpaper - Posted by Eckie Silapaswang
What if everyone one day took everything that "could" be used "maliciously" and with "evil intent" (even though there are many benefits to these things) and just deemed them illegal right off the bat? A hacksaw could be used to cause bodily harm (in horror movies mostly), yet it's a valuable tool for carpenters - why should there be an evaluation on its intent? In the following article, see how the government may be deeming "dual use" security tools illegal before they are even used - authors of these tools may be prosecuted if they intended the tool to be used illegally.