
Linux Security Elevated to a National Matter

Sep 1, 2020



U.S. taxpayers are now helping to improve open source software code and security thanks to a Department of Homeland Security (DHS) grant.
The Department of Homeland Security has issued grant money to improve open source code.

Stanford University, Symantec, and source code analysis firm Coverity are the three recipients of a DHS grant called “Vulnerability Discovery and Remediation Open Source Hardening Project,” which will pay $1.24 million over three years.

According to Coverity, the DHS project is part of a broad DHS federal initiative to help secure and protect critical national communications and computer infrastructure. More than 40 open source software projects, including Linux, Apache, FreeBSD, MySQL, PostgreSQL, and Mozilla, are expected to benefit from the effort.

Rob Rachwald, senior director of marketing at Coverity, explained that each of the three companies involved in the DHS effort has a specific role to play.

Coverity is the technology engine that finds the quality problems and security vulnerabilities. Stanford will be providing the manpower and some of the brain power to understand what the trends are and make some conclusions about what various packages are good for and are safe to use.

Symantec will be thinking about it from the point of view of what the government can do to help improve the security of its code and software as it increases its use of open source software.

“The DHS in many ways is obviously brokering this, and they are the main beneficiary,” Rachwald told internetnews.com. “They’ll benefit from better code from some consulting from Symantec and then obviously from some academic analysis from Stanford.”

It is expected that audit results from the Coverity scan will be published on the Web, though it’s not exactly clear at this point how the effort will interact with all of the various open source applications it is scanning.

“What we’re trying to do is figure out what is the best way to work with all the various open source packages,” Rachwald said. “Currently the way we’ve done it is we have a Web site called http://linuxbugs.coverity.com.”

The site is password-protected and provides Linux developers with a database of defects.

Coverity is certainly no stranger to working with open source projects to help identify defects.

Last August, a Coverity study of the Linux kernel found that defect density had declined even though Linux kernel code itself increased. A December study encompassing four years of analysis found that Linux has a lower bug count per line of code than its proprietary competitors.

The open source MySQL database has also been a client of Coverity. As with Linux, the study found that MySQL had comparatively fewer defects than other similar software.

This article was originally published on Internetnews.com.


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
