Feds Analyze Open Source

The Department of Homeland Security is tossing its hat in the ring to finally get serious about one huge (and so far, unaddressed)threat to our homeland security – cyber terror. While the method employed is not comprehensive, it does offer a start. But I can only speak to the theory and not to the implementation. History shows that governmental involvement in matters usually results in a big laugh. Take the DMCA for example. Or CAN-SPAM.

The initiative, called the Vulnerability Discovery and Remediation project, plans to create an ongoing audit trail of open source software and maintaining a centralized database of known bugs and exploits, a la Bugtraq. With security firms such as Symantec, and Coverity providing the legs and Stanford University providing the brains, the idea has merit. But again, I reserve judgement on the final outcome until we see where the chips fall.

More information:

• Ars Technica
• Bruce Schneier
• Cyberspawned
• Nephilim