[ISN] US Government Studies Open Source Quality

Subject: [ISN] US Government Studies Open Source Quality
Date: Wed, 15 Mar 2006 02:22:36 -0600 (CST)
http://www.osvdb.org/blog/?p=104

US Government Studies Open Source Quality

"US Government Studies Open Source Quality" reads the SlashDot thread,
and it certainly sounds interesting. Reading deeper, it links to an
article by the Reg titled "Homeland Security report tracks down rogue
open source code". The author of the article, Gavin Clarke, doesn't
link to the company who performed the study (Coverity) or the report
itself. A quick Google search finds the Coverity home page. On the
right hand side, under Library, there is a link titled "NEW >> Open
Source Quality Report". Clicking that, you are faced with "request
information", checking the Open Source Quality Report box (one of
seven boxes including Request Sales Call as the first option, and
Linux Security Report is the default checked box), and then filling
out 14 fields of personal information, 10 of which are required.

So, let me get this straight. My tax dollars fund the Department of
Homeland Security. The DHS opts to spend $1.24 million dollars on
security research, by funding a university and two commercial
companies. One of the commercial companies does research into open
source software, and creates a report detailing their findings. To get
a copy of this report, you must give the private/commercial company
your first name, last name, company name, city, state, telephone, how
you heard about them, email address, and a password for their site
(you can optionally give them your title, and describe your project).

Excuse me, but it should be a CRIME for them to require that kind of
personal information for a study that I helped fund via my tax
dollars. Given this is a study of open source software, requiring
registration and giving up that kind of personal information is doubly
insulting. Coverity, you should be ashamed at using extortion to share
information/research that should be free.

Even worse, your form does not accept RFC compliant e-mail addresses
(RFC 822, RFC 2142 (section 4) and RFC 2821). Now I have to add your
company to my "no plus" web page for not even understanding and
following 24 year old RFC standards. HOW CAN WE TRUST ANYTHING YOU
PUBLISH?!

Oh, if you don't want to go through all of that hassle, you can grab a
copy of the PDF report anyway.

http://osvdb.org/ref/blog/open_source_quality_report.pdf



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 
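The RFC complaint above concerns registration forms that reject addresses containing characters the standards permit in the local part, presumably the "+" that the "no plus" page refers to (addresses such as user+tag@example.com). As an added illustration, not code from the post, from OSVDB, or from the form being criticised, here is a naive validator of the kind that causes the problem beside a check built on the RFC 2822 atext character set; the regexes, function names and sample addresses are constructed for this example.

```python
import re

# Naive pattern of the kind many web forms use (constructed illustration).
# It silently forbids "+" and most other atext characters in the local part.
NAIVE_EMAIL_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

# atext as defined in RFC 2822 section 3.2.4: letters, digits and these
# specials. Note that "+" is an ordinary atext character.
ATEXT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
            "!#$%&'*+-/=?^_`{|}~")

# Hostname label: alphanumeric, may contain hyphens inside, 63 chars max.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def naive_accepts(addr: str) -> bool:
    """What the over-restrictive form does."""
    return NAIVE_EMAIL_RE.fullmatch(addr) is not None


def valid_local_part(local: str) -> bool:
    """dot-atom form: one or more non-empty atext runs separated by single dots."""
    if not local or len(local) > 64:
        return False
    atoms = local.split(".")
    return all(atom and all(ch in ATEXT for ch in atom) for atom in atoms)


def valid_domain(domain: str) -> bool:
    """Require at least two well-formed hostname labels."""
    labels = domain.split(".")
    if len(labels) < 2 or len(domain) > 255:
        return False
    return all(LABEL_RE.fullmatch(label) for label in labels)


def rfc_accepts(addr: str) -> bool:
    """Accept the dot-atom addr-spec form. Quoted local parts ("john doe"@...)
    and domain literals (user@[192.0.2.1]) are deliberately not handled."""
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    return valid_local_part(local) and valid_domain(domain)
```

The stricter checks on the local part (no empty atoms, no leading or trailing dot) are what keep the permissive character set from degenerating into "accept anything".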
