Security Basics mailing list archives
RE: DHS helping to secure open source code
From: Mike Fetherston <mike_sha () shaw ca>
Date: Mon, 23 Jan 2006 09:01:04 -0500
I took a look at the list (http://www.us-cert.gov/cas/bulletins/SB2005.html) and feel it necessary to state that the amount of vulnerabilities are higher than what I expected, but that the list also includes Mac OS X, AIX, FreeBSD, HP-UX, Linux, Sony PSP, Sony Ericsson, QNX, and Symbian. As well, many web applications are named including WordPress, Webmin, MediaWiki, Squirrelmail, and countless PHP apps. What's interesting is that many of these apps listed in the *nix section are not listed in the Win32 section even though many may be deployed on the Microsoft platform. Topping this list off are many embedded devices including manufacturers such as Linksys, Netgear, Nokia, LG, Samsung, RIM. Hope that can help shed some light. Mike Fetherston
-----Original Message----- From: Craddock, Larry [mailto:l_craddock () wfec com] Sent: Friday, January 20, 2006 12:02 PM To: Security-Basics (E-mail) Subject: RE: DHS helping to secure open source code "US-CERT's (United States Computer Emergency Readiness Team) 2005 year-end vulnerability statistics found a startling increase in flaws in Unix/Linux operating systems. The controversial data revealed 812 flaws in Windows, compared with 2,328 vulnerabilities in various Unix/Linux packages. " Looks to me like the reason the DHS is funding the project is because they *do* have some doubts. Larry Craddock -----Original Message----- From: Saqib Ali [mailto:docbook.xml () gmail com] Sent: Tuesday, January 17, 2006 6:00 PM To: Security-Basics (E-mail) Subject: DHS helping to secure open source code For people who doubt the secure coding practices in open source projects: http://www.schneier.com/blog/archives/2006/01/dhs_funding_ope.html http://www.eweek.com/article2/0,1895,1909946,00.asp http://news.zdnet.com/2100-1009_22-6025579.html DHS is funding the security analysis of the source-code for the following OpenSource applications: Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL -- Saqib Ali, CISSP http://www.xml-dev.com/blog/ "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -------------------------------------------------------------------------- - EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus -------------------------------------------------------------------------- -- -------------------------------------------------------------------------- - EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus -------------------------------------------------------------------------- -
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- DHS helping to secure open source code Saqib Ali (Jan 20)
- Re: DHS helping to secure open source code Shawn Merdinger (Jan 20)
- <Possible follow-ups>
- RE: DHS helping to secure open source code Craddock, Larry (Jan 20)
- RE: DHS helping to secure open source code Roger A. Grimes (Jan 22)
- RE: DHS helping to secure open source code Mike Fetherston (Jan 23)
- RE: DHS helping to secure open source code Mike Fetherston (Jan 23)
- RE: DHS helping to secure open source code Craddock, Larry (Jan 24)