RE: DHS helping to secure open source code

[Mike Fetherston <mike_sha () shaw ca>]

Do you have information on the sample for this study?  If this study took
vulnerabilities for each of the major distros, the actual vuln count could
be at 500 or less.  This would be assuming that each distro released a
security advisory for a package that is common across all (i.e. bind).  It's
easy to skew numbers this way.

Mike Fetherston

> -----Original Message-----
> From: Craddock, Larry [mailto:l_craddock () wfec com]
> Sent: Friday, January 20, 2006 12:02 PM
> To: Security-Basics (E-mail)
> Subject: RE: DHS helping to secure open source code
>
> "US-CERT's (United States Computer Emergency Readiness Team) 2005 year-end
> vulnerability statistics found a startling increase in flaws in Unix/Linux
> operating systems. The controversial data revealed 812 flaws in Windows,
> compared with 2,328 vulnerabilities in various Unix/Linux packages. "
>
> Looks to me like the reason the DHS is funding the project is because they
> *do* have some doubts.
>
>
> Larry Craddock
>
>
> -----Original Message-----
> From: Saqib Ali [mailto:docbook.xml () gmail com]
> Sent: Tuesday, January 17, 2006 6:00 PM
> To: Security-Basics (E-mail)
> Subject: DHS helping to secure open source code
>
> For people who doubt the secure coding practices in open source projects:
>
> http://www.schneier.com/blog/archives/2006/01/dhs_funding_ope.html
> http://www.eweek.com/article2/0,1895,1909946,00.asp
> http://news.zdnet.com/2100-1009_22-6025579.html
>
> DHS is funding the security analysis of the source-code for the following
> OpenSource applications:
>
> Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and
> MySQL
>
> --
> Saqib Ali, CISSP
> http://www.xml-dev.com/blog/
> "I fear, if I rebel against my Lord, the retribution of an Awful Day (The
> Day
> of Resurrection)" Al-Quran 6:15
>
> --------------------------------------------------------------------------
> -
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich
> University program offers unparalleled Infosec management education and
> the
> case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> --------------------------------------------------------------------------
> --
>
>
> --------------------------------------------------------------------------
> -
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The Norwich University program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Tailor your education to your own professional goals with degree
> customizations including Emergency Management, Business Continuity
> Planning,
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
> --------------------------------------------------------------------------
> -




---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------