
[ISN] DHS & Your Tax Dollars

Subject: [ISN] DHS & Your Tax Dollars
Date: Thu, 12 Jan 2006 03:27:19 -0600 (CST)
Forwarded from: security curmudgeon <jericho@attrition.org>

http://www.osvdb.org/blog/?p=83

DHS & Your Tax Dollars

http://news.com.com/Homeland+Security+helps+secure+open-source+code/2100-1002_3-6025579.html

   Through its Science and Technology Directorate, the department has given
   $1.24 million in funding to Stanford University, Coverity and Symantec
   to hunt for security bugs in open-source software and to improve
   Coverity's commercial tool for source code analysis, representatives for
   the three grant recipients told CNET News.com.

   The Homeland Security Department grant will be paid over a three-year
   period, with $841,276 going to Stanford, $297,000 to Coverity and
   $100,000 to Symantec, according to San Francisco-based technology
   provider Coverity, which plans to announce the award publicly on
   Wednesday.

   The project, while generally welcomed, has come in for some criticism
   from the open-source community. The bug database should help make
   open-source software more secure, but in a roundabout way, said Ben
   Laurie, a director of the Apache Foundation who is also involved with
   OpenSSL. A more direct way would be to provide the code analysis tools
   to the open-source developers themselves, he said.

So DHS uses $1.24 million dollars to fund a university and two commercial 
companies. The money will be used to develop source code auditing tools 
that will remain private. Coverity and Symantec will use the software on 
open-source software (which is good), but is arguably a huge PR move to 
help grease the wheels of the money flow. Coverity and Symantec will also 
be able to use these tools for their customers, which will pay them money 
for this service.

Why exactly do my tax dollars pay for the commercial development of tools 
that are not released to the public? As Ben Laurie states, why can't he get 
a copy of these taxpayer-funded tools to run on the code his team 
develops? Why must they submit their code to a commercial third party for 
review to get any value from this software?

Given the date of this announcement, coupled with the announcement of 
Stanford's PHP-CHECKER, makes me wonder when the funds started rolling. 
There are obviously questions to be answered regarding Stanford's project 
(that I already asked). This also makes me wonder what legal and ethical 
questions should be asked about tax dollars being spent by the DHS, for a 
university to fund the development of a security tool that could 
potentially do great good if released for all to use.

It's too bad there is more than a year long wait for FOIA requests made to 
the DHS.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 
