On Wed, 11 Jan 2006 13:09:15 -0700 "John R. Shannon" <[EMAIL PROTECTED]> wrote:
: On Wednesday 11 January 2006 12:36, you wrote:
: > >"The U.S. Department of Homeland Security is extending the scope of
: > >its protection to open-source software."
: > >...
: > >"The list of open-source projects that Stanford and Coverity plan
: > >to check for security bugs includes Apache, BIND, Ethereal, KDE,
: > >Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL..."
: >
: > I just find it sad that they do this. Quote from the article:
: >
: > "It is regrettable that DHS has decided once more to ensure that
: > private enterprise profits from the funding, while the open-source
: > developers are left to beg for the scraps from the table," he said.
: > "Why does the DHS think it is worthwhile to pay for bugs to be
: > found, but has made no provision to pay for them to be fixed?"
: >
: > And why don't they force Microsoft to fix their own bugs that have
: > been present for years, that they know about and do nothing about
: > either?
: >
: > I don't think OpenBSD is contributing to the insecurity of the
: > Internet, but Microsoft is, so they are not looking in the right
: > place. But again, I guess they get political contributions that
: > help them make their choices! Beating up on the ones that do it
: > right, and pocketing from the ones that have the money and tell you
: > to shut up!
: >
: > I think their database would blow up if they would start to really
: > scan Microsoft software daily like they say!
: >
: > Then pay closed source to tell open source how to do things! All
: > backwards I tell you!
: >
: > Very sad...
:
: It's probably worse. Any vulnerabilities found will almost assuredly
: be classified or at least FOUO.

That is so wrong, I can't even describe it.

(Note: I am an employee of Coverity)

