Open source getting the security hit from both ends

When I say “hit” I don’t mean getting hammered either.

Novell just announced that they are going to be releasing their AppArmor intrusion prevention software under the GPL. The product will likely get some improvements from the OS community, albeit at the expense of Homeland Security adding many line items on the Linux side of their less than accurately represented vulnerabilities list.

You gotta wonder, however, if the whole US-CERT list thing was a public relations move, as Homeland Security just made a grant to three groups to improve open source security. Yep. Over a million bucks is going to Stanford University, Coverity, and Symantec to work on OS bugs. The Stanford/Coverity bit makes total sense to me – Coverity has a service that allows you to upload your C/C++ code to their system, at which time they scrub the heck out of it looking for unnecessary complexity and the potential pitfalls that go along with that. The technology, by the way, came out of Stanford. I guess Symantec is just along for the ride.
