DARPA pulls OpenBSD funding

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://news.com.com/2100-1016-997393.html

By Robert Lemos 
Staff Writer, CNET News.com
April 17, 2003

The unused portion of a grant from the Defense Advanced Research
Projects Agency to fund development of the open-source operating
system OpenBSD has been pulled for unspecified reasons.

The project's leader, Theo de Raadt, said Thursday he was informed by
email that the remaining portion of the $2.3 million grant has been
pulled. An email from a professor who is managing the grant did not
provide a reason, but de Raadt said he believes the cancellation was
prompted by concerns about the money going to too many foreign
developers and antiwar statements that de Raadt made to reporters.

"They decided that they didn't want (our project) anymore," de Raadt
said Thursday, less than hour after he received notification. "This is
it. It's over."

DARPA, the arm of the U.S. Department of Defense that funds research
and development and is best known for funding the project that later
became the Internet, awarded the grant in 2001 as part of its
Composable High-Assurance Trusted Systems (CHATS) projects, said de
Raadt.

About $1 million had been allotted to add new security features to
OpenBSD, an open-source OS that many consider to be the most secure
free implementation of a Unix-like system. The project had finished
most of the work in the first three months of the grant and had been
recently using the money to fund more security enhancements to the
software, de Raadt said at a recent security conference.

A University of Pennsylvania computer science professor, Jonathan
Smith, had originally applied for the grant under the title, "Portable
Open-Source Security Enhancements," or POSSE. About $500,000 of the
money went to several U.K. researchers to do a vulnerability analysis
on OpenSSL, a widely used program for encrypting communications,
especially to and from Web sites. A handful of flaws were found, de
Raadt said.

Smith refused to comment on the funding, citing the sensitivity of the
issue. An email to the POSSE project’s DARPA representative wasn't
answered.

Earlier this week, de Raadt said he was told that officials from DARPA
were concerned about statements appearing in press reports that
indicated most of the grant was being funneled to foreign researchers,
an apparent no-no for government-funded projects. Moreover, de Raadt
believed that the U.S. government took exception to comments he made
indicating that the money spent on his project meant that fewer cruise
missiles were being built.

"In the U.S., today, free speech is just a myth," de Raadt said.

He estimated that about 85 percent of the money has already been spent
and that the remaining portion would have continued the project for
another six months. "The only money that I got was my salary," he
said.

With nearly 60 OpenBSD hackers traveling to Canada to take part in a
hackathon--a week's worth of solid programming sessions--the project
now finds itself about $30,000 short of the money it needs to house
the attendees.

"We are left in the lurch very seriously...and will need to struggle
to keep our conference facilities in some way," de Raadt said.

The project will ship version 3.3 of the OpenBSD system on Friday. An
acknowledgment of the role that DARPA played, which was to appear on
the back of the box, will instead be covered by a sticker, he said.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.