Linked by Thom Holwerda on Wed 9th Jan 2008 22:34 UTC, submitted by vermaden
"Open source code, much like its commercial counterpart, tends to contain one security exposure for every 1000 lines of code, according to a program launched by the Department of Homeland Security to review and tighten up open source code's security. Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects. A total of 7826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system, the Prevent Software Quality System, that's being used in the review." Note: I just want to state for the record that the headline has not been written by me. I do like the total kicking-in-open-doors air surrounding it, though.
Bad Summary
by MiliTux on Thu 10th Jan 2008 08:34 UTC

I found this article to be supportive of FOSS, and the summary doesn't do it justice. Compare it with the Slashdot summary:

Stony Stevenson alerts us to a US Department of Homeland Security program in which subcontractors have been examining FOSS source code for security vulnerabilities. InformationWeek.com takes a glass-half-empty approach to reporting the story, saying that for FOSS code on average 1 line in 1000 contains a security bug. From the article: 'A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006 ...' ZDNet Australia prefers to emphasize those FOSS projects that fixed every reported bug, thus achieving a clean bill of health according to DHS. These include PHP, Perl, Python, Postfix, and Samba.

Some projects fixed *every* reported bug, isn't that amazing? Closed source projects? Oh, they still have bugs, and now, they have way more than open source. The Linux kernel had way way way less than 1 vulnerability per 1000 lines.