Fwd: US DHS funds security for open source----1/11/06

Marc Lijour marc-bbkyySd1vPWsTnJN9+BGXg at public.gmane.org
Wed Jan 18 21:28:38 UTC 2006


It might interest you.

marc

-------- Original Message --------
Subject: 	FW: US DHS funds security for open source----1/11/06
Date: 	Tue, 17 Jan 2006 22:51:29 +0200
From: 	Mooly Sagiv <msagiv-+lLcF8/aw9x6auLlOhE+pQ at public.gmane.org>
Reply-To: 	msagiv-+lLcF8/aw9x6auLlOhE+pQ at public.gmane.org
Organization: 	Tel-Aviv University
To: 	TAU-CS-SIGPLAN-0lvw86wZMd/ZxN5vux0HihIikrF9wMuL at public.gmane.org








  US DHS funds security for open source

IDG News Service 1/11/06

China Martens, IDG News Service, Boston Bureau

The U.S. Department of Homeland Security (DHS) has awarded a US$1.24
million three-year grant to Stanford University and software vendors
Coverity Inc. and Symantec Corp. The grant will fund daily security
audits and analysis of more than 40 open-source projects including
Apache, Linux, Mozilla, MySQL and PostgreSQL.

Known as the Vulnerability, Discovery and Remediation Open Source
Hardening Project, the grant forms part of a broad initiative by the DHS
Science and Technology Directorate to encourage the development and
deployment of technologies to protect the country's key computer systems
networks, including the Internet, according to Coverity executives. The
awarding of the grant was announced Wednesday.

Under the terms of the grant, Stanford will receive a total of $841,276
in funding over the three-year period, Coverity $297,000 and Symantec
$100,000. Source-code analysis startup Coverity will receive the bulk of
its funding, $237,000, in the first year of the grant, with the
remainder of the money, $60,000, to be paid out equally over the two
following years, according to Rob Rachwald, senior director of product
and corporate marketing with Coverity.

Coverity will use the money to extend its Prevent software so it can
analyze the source code of a wider variety of open-source projects for
software defects and security vulnerabilities.

"We'll develop the [Prevent] tool so we're able to understand what the
government needs in terms of defect detection, software reliability and
software security," Rachwald said Wednesday.

Coverity's Prevent will carry out automatic daily security audits of the
open-source projects and post the defects it finds in a public online
bug database, according to Rachwald. Stanford will contribute staff to
provide recommendations for developing secure open-source software in
future. Among those contributing will be Dawson Engler, an associate
professor of computer science at Stanford and a co-founder of Coverity,
Rachwald said. Symantec will draw on its expertise in security software
to suggest both best security practices for the U.S. government to adopt
and how to deploy software in a secure fashion so as to lower the
incidence of any attacks, he added.

Coverity plans to have the daily audits for an initial 40 open-source
projects up and running by March, according to Rachwald. However, he
expects more open-source projects to be added over time in response to
requests by the DHS. Coverity is still determining exactly how it will
present the bug database online. The company may use the same method it
does with Linux with its http://linuxbugs.coverity.com Web site, which
developers have to log into or else make the audits available via
Stanford's Web site, he said.

"This is part of a trend where government is adopting a lot of the
technology software companies already have," Rachwald said, pointing to
the likes of McAfee Inc., Sun Microsystems Inc. and Symantec, which
already use Coverity's Prevent technology.

The DHS did not immediately return calls for comment.

This is Coverity's first DHS grant, according to Rachwald. The company
applied for the grant in December 2004.

Coverity's technology originated in Stanford's computer systems
laboratory. The company, which has its headquarters in San Francisco,
was founded in 2002.





Zvi Schechter

Managing Director

Giza Venture Capital



Ramat Aviv Tower

12th Floor, 40 Einstein St.

POB 17672, Tel Aviv 61172

Direct:           972-3-640-2322

Fax:               972-3-640-2319

Mobile:          972-546-881133

E-mail:           zvi-9hnIjpviTnDQT0dZR+AlfA at public.gmane.org

Web site:       www.gizavc.com





