|
11 Open Source Projects cleared as Secure? |
|
|
|
Source: CNET.com - Posted by Ryan Berens
|
Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.
Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
This list of projects may seem fair and equitable. And certainly, Perl, Postfix, Amanda and others can be very secure. But PHP? Granted, the project is done with a contract from DHS as well as association with Stanford University. And their certification boasts...
strong requirements especially for moving up the "rungs" on their "ladder." Is it all that it cracks up to be?
This ladder, however systematic, seems on the light end and is driven solely by Coverity's own logic and vocabulary. Some of the descriptions as to their criteria include that "projects progress to the next rung by selecting a set of official contacts to represent the project to Coverity." There is little to state what criteria is used, why this matter and how a project gains the next "rung."
This seems like a good effort, but the arbitrary nature of the rational in what actually makes these projects secure seems a little watered down. Heck, anyone can make a ladder...
Thoughts?
Read this full article at CNET.com
Powered by AkoComment! |
