US Homeland Security to Support Open Source

An anonymous reader writes "CNET is reporting that the US Department of Homeland Security is extending its support to open source software. The DHS will be giving Stanford University, Coverity, and Symantec a $1.24 million grant to improve the security of open source software. From the article: 'The Homeland Security Department grant will be paid over a three-year period, with $841,276 going to Stanford, $297,000 to Coverity and $100,000 to Symantec, according to San Francisco-based technology provider Coverity, which plans to announce the award publicly on Wednesday.' It's nice that our tax dollars are being used for the right stuff."

BIND

[ehaggis]

I would like to see the fork BIND takes under DHS. Out the applications listed, BIND must be the most formidable for securing and utilizing in a secure enviroment. This could be a boon for the overall reliability of the internet.

Good Start

[Artie Dent]

"The money is going to provide them with things they need to fix the bugs, which is bug reports. That is a lot better than they have now, which is nothing," While a agree with Engler's comment here, I also have to wonder, without proper funding to fix these bugs, what good will it do? And if a list of bugs and exploits comes out on well used Open Source Software, without the means to fix them, and these lists are leaked, it could create havoc.

Source code analysis tools

[grimJester]

The real story seems to be that the money is granted to develop and test source code analysis tools, with Stanford doing development and Symantec testing. Seems like a potentially good way to catch human errors in coding. Instant feedback for the sloppy coder would be nice.

Re:Symantec?

[KiloByte]

Don't underestimate Symantec's relations with Open Source.

They are big. They are strong. They are all negative.

Symantec is known for its FUD campaigns in order to hawk their anti-virus software. They do everything they can to fool people into believing that viruses are as prevalent in the rest of the world as they are in Windows.

Thus, I believe that a dollar given to Symantec is worse than a dollar ripped apart.

OSS what does it mean?

[Elixon]

OSS? What is it? Does it mean that Symantec will produce/improve OSS software and all related patents that will be registered (thanks to your taxes) will be released to public too?

Or is it that you sponsor OSS but proprietary software and further patnet vault of privately held corporations?

Is it good to "sponsor" privately held company in the field where it figths with conmpetition?

Re:Symantec?

[$rtbl_this]

They are all negative.

Not all of them. We use Symantec's IDS and AV/anti-spam appliances, both of which are just i386 linux boxes with some proprietary software and a candy-coated front-end. Just because their marketing folk badmouth open source software doesn't mean that their technical staff don't see the advantages.

And why again is Symantec trustworthy ?

[CaptainZapp]

Being one of the companies not detecting the infamous Sony rootkit [wired.com] I'd be really interested to know why Symantec should be trusted for anything security related.

As far it concerns me I deeply distrust all "security companies" since this little incident.

Re:And why again is Symantec trustworthy ?

[catahoula10]

Not only did they miss the root-kit:

"Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus."

http://www.zdnet.com.au/news/security/0,2000061744 ,39165825,00.htm [zdnet.com.au]