January 8, 2008 7:10 AM PST
11 open-source projects certified as secure
Posted by Robert Vamosi
<http://www.news.com/8300-10789_3-57.html?authorId=175&tag=author>
Coverity, which creates automated source-code analysis tools, announced
late Monday its first list of open-source projects that have been
certified as free of security defects.
Eleven projects made the list: Amanda <http://www.amanda.org/>, NTP
<http://www.ntp.org/>, OpenPAM <http://trac.des.no/openpam>, OpenVPN
<http://openvpn.net/>, Overdose <http://overdose.sourceforge.net/>, Perl
<http://www.perl.org/>, PHP <http://www.php.net/>, Postfix
<http://www.postfix.org/>, Python <http://www.python.org/>, Samba
<http://us3.samba.org/samba/>, and TCL <http://www.tcl.tk/>.
San Francisco-based Coverity <http://www.coverity.com/>, working in
collaboration with Stanford University and under a contract from the
Department of Homeland Security, is analyzing source code to certify
that open-source projects written in C, C++, and Java are secure.
Coverity has not disclosed the amount of the DHS contract.
The certification was created so that companies can "select these
open-source applications with even greater confidence," Coverity said.
The company uses a ladder metaphor in its certification process
<http://scan.coverity.com/>.
Rung 2, which was announced late Monday and is the most secure level to
date, includes the 11 projects. Rung 1
<http://scan.coverity.com/rung1.html> now includes 86 projects. Rung 0
<http://scan.coverity.com/rung0.html>, the lowest level, currently lists
173 projects.
In all cases, open-source vendors must fix all vulnerabilities
discovered by Coverity's tools in order to move up the rungs of the
security ladder.
source:
http://www.news.com/8301-10789_3-9843682-57.html