[aklug] Re: Interesting security blurb

From: Jim Gribbin <jimgribbin@gmail.com>
Date: Thu Jan 10 2008 - 15:46:49 AKST

Actually, if you look at the site doing the testing, they don't say
anything about anybody in the government using/approving/endorsing any
of the software.

It's just a project to audit open source code bases for security issues.
They don't appear to undertake any corrections in the code base
themselves, but do co-operate with the software developers in helping
them locate the vulnerabilities. Participation by the developers appears
to be entirely voluntary.

Rung 0 appears to be software they are looking at, but as yet have had no
contact from the software's development team. Involvement from the
developers looks to be up to the developers, but without their
co-operation, things won't go too far.

Rung 1 looks to be software where the developers of the package have
contacted the auditors and some progress is probably being made towards
correcting the security vulnerabilities.

Rung 2 looks to be where a significant portion of the vulnerabilities
have been dealt with, not necessarily all of them. This is where the 11
that Mike/zdnet were referring to are. Some of them are at Zero.

The auditing firm seems to be leaving it open so far as to how many
rungs there will be eventually.

They seemed pretty impressed with the Amanda Project (backup). I guess
when they found their software had vulnerabilities, they went after them
with a vengeance and had all found taken care of in 1 week's time. They
had started out with the most vulnerabilities at the outset.

I had the impression the auditors were impressed by the professionalism
of the open source community in general in how they did not want software
with their names on it out there with known security issues. They
implied the community had a lot of pride in its professionalism.

Damien Hull wrote:
> barsalou wrote:
>
>> I found this through slashdot. As a poke to some of my friends...even
>> PHP made it!
>>
>> http://www.zdnet.com.au/news/security/soa/11-open-source-projects-pass-security-health-check/0,130061744,339284949,00.htm
>>
>> Mike B.
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>> ---------
>> To unsubscribe, send email to <aklug-request@aklug.org>
>> with 'unsubscribe' in the message body.
>>
>>
> Did you notice that one of the projects tested is a Yahoo chat client.
> It's nice to know government employees are securely chatting on yahoo.
> Wait... How's that work?
>
> Maybe the chat code is secure but what about Yahoo? There goes our tax
> dollars.

Received on Thu Jan 10 15:47:48 2008

This archive was generated by hypermail 2.1.8 : Thu Jan 10 2008 - 15:47:49 AKST