US DHS Testing FOSS Security

Stony Stevenson alerts us to a US Department of Homeland Security program in which subcontractors have been examining FOSS source code for security vulnerabilities. InformationWeek.com takes a glass-half-empty approach to reporting the story, saying that for FOSS code on average 1 line in 1000 contains a security bug. From the article: 'A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006 ...' ZDNet Australia prefers to emphasize those FOSS projects that fixed every reported bug, thus achieving a clean bill of health according to DHS. These include PHP, Perl, Python, Postfix, and Samba.

What about MS?

[Anonymous Coward]

Now if they would do the same to Microsoft. Oh yeah...

"The" PHP?

[sticks_us]

I stopped reading after they called it "The PHP."

Fixed?

[sjbe]

A total of 7,826 open source project defects have been fixed through the Homeland Security review

Do they mean fixed [wikipedia.org] or fixed [wikipedia.org]?

Must be run by Engineers...

[ComputerSlicer23]

Uh.. from the article, the software is called "Prevent Software Quality System"... Wow, I can't think of a bigger misnomer for something that should help improve software quality. I sure don't want to prevent software quality in my own products.

Re:"The" PHP?

[grcumb]

..the PHP, Perl, and Tcl dynamic languages...

"The" in this sentence refers to the list, not just PHP.

How could he possibly know that? He said already that he stopped reading after 'the PHP'.

/me ducks and runs...

Wow important stuff

[OzPeter]

I checked out the Coverity website [coverity.com] and saw on the list of projects the aalib ASCII art library [sourceforge.net] which according to the history hasn't been updated for something like 7 years.

Damn we better protect ourselves from Terrists hiding their WMD's in ASCI art

Re:"The" PHP?

[Anonymous Coward]

So close. Lets turn those into a proper Tcl list, shall we...

set thislist {Samba} {the PHP} {Perl} {Tcl dynamic languages} {Amanda}

Re:"The" PHP?

[grcumb]

So close. Lets turn those into a proper Tcl list, shall we...

set thislist {Samba} {the PHP} {Perl} {Tcl dynamic languages} {Amanda}

No, I think he's deliberately speaking with a LISP.... 8^)

Re:"The" PHP?

[Anonymous Coward]

Learn grammar: "The Windows ARE broken", since all of them are.

Re:Looking good, too bad the press didn't understa

[Waffle Iron]

It's like arguing that there's no point in locking your door because 100,000 houses with locks were broken into.

A more apt analogy would be: There's no point in locking your door using a limp spaghetti noodle because a limp noodle makes a completely ineffective lock.

Re:"The" PHP?

[bladesjester]

Languages like And Such, and the PHP.

Security and computer science as explained by a valley girl?

Like totally!

PHP - no security bugs!

[Anonymous Coward]

The list of officially security-bug free software includes Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.

This is because the security problems with PHP aren't bugs, they designed it that way.