The New Information Agenda. Do You Have One? The lack of trusted information is a major concern for businesses worldwide. The information agenda is a comprehensive, enterprise-wide plan for creating, delivering, and exploiting trusted information. It allows CIOs to achieve short-term tactical and long-term strategic changes. »   The Outsourcing Decision for a Globally Integrated Enterprise: From Commodity Outsourcing to Value Creation The Outsourcing Decision for a Globally Integrated Enterprise Globalization and advances in technology have changed the way business gets done. Today, outsourcing helps make the globally integrated enterprise possible. And the decision-making process for outsourcing is changing — with CIOs playing a more strategic role. »   IBM CIO insights: Igniting Innovation By Fusing Business and IT The disconnect between business and IT leaders is nothing new. But in a highly competitive environment, where innovation is the key to success, this lack of integration can cause companies to stagnate, lose money, and miss valuable opportunities. CIOs need to take the lead in correcting this problem. This executive guide outlines the solutions and initiatives IT leaders need to implement to help bridge the gap. This executive guide offers the solutions and insights CIOs need to take the lead in building a more innovative, more successful company. »   How are Other CIOs Driving Growth? IBM interviewed over 175 CIOs to see how they're bringing together business and IT to drive growth and financial success. We found that organizations with high levels of integration have experienced a 9% return on investment, and a 6% return on assets. Want to learn what else they are doing? Read our Global CIO Leadership Survey. »

XML/RSS feeds EarthWeb IT Management news and headlines CIO Update headlines See more EarthWeb Network RSS feeds FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Enterprise Networking Planet Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Related Articles • Can Data Ever Be Deleted? • Online Sales Up, Service Down • Panasas Powers Stanford • The Circle of Trust

Special Reports • ITIL v3: Bridging the Gap Between IT and Business • Outsourcing’s Seven-Year Itch • The Productivity of Technology is in Jeopardy • Offshore Considerations for Infrastructure Management • Disaster Waiting to Happen • Friday’s Top 5 • Top 10 Money Savers for 2008 • Understanding the 10 Fundamentals of Any Business • 8 Great Training Tips from the Canadian Army • Enterprise Architecture and SOA: Two Tribes More Special Reports

IT Focus Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Today on EarthWebNews.com • How Gaming Pros Help Big Companies • Begging to be Spammed • Laying The Groundwork For 10GbE Networks • Technical Analysis: S&P Pushes Resistance • Microsoft Shrugs Off The Pressure, Breaks Records More EarthWebNews.com

Download: Solaris 8 Migration Assistant Rapidly move your Solaris 8 application environments to new systems running Solaris 10 with the Solaris 8 Migration Assistant.

DHS Gets Into Open Source

By Allen Bernard

January 12, 2006: A DHS grant has been awarded to three organizations to help secure the most commonly used open source programs.

In what could be a nice boost to the open source software movement, the Department of Homeland Security (DHS) awarded a $1.24 million open source security testing grant to Coverity, Stanford University and Symantec.

The three-year grant, called the Vulnerability Discovery and Remediation Open Source Hardening Project, is part of a larger federal initiative by the DHS’s Science and Technology Directorate (DHS S&T) to foster the development and deployment of technologies to protect the nation’s telecommunications infrastructure, including the Internet and other critical networks that depend on computer systems for their mission.

Coverity will use the money to code-test 40 of the most commonly used open source software projects including Apache, FreeBSD, GTK, Linux, Mozilla, MySQL, PostgreSQL, with it's Prevent software that uses static source code analysis to find various types of hidden security errors.

The audit results will be published daily on the Web and are intended to help the development community, industry and government both identify and correct security vulnerabilities in some of the most important and widely-used software in the world.

"Ten years ago code bases were a lot smaller and less complex so code audits and manual testing worked pretty effectively," said David Park, vice president of Marketing & Business Development at Coverity. "But, in today's world, … there's only so much humans' can do."

Aside from assuring secure code Park believes the effort will only boost the adoption of open source code in government and the enterprise. And, perhaps more importantly, it will ensure code already in use does not have critical flaws that are only discovered by accident.

The open source operating system Linux, for example, has over six million lines of code that can lead to tens of millions of events. Manually testing for all those potential events is impossible. By automating the process, defective source code can be found more easily without have to wait for a one-of-kind event to trigger a problem.

"The conventional way of insuring security, which is the … firewalls, IDS software, is an important part but that's not the whole story—especially with the size and complexity of today's open source projects—they're realizing that the problem also has to be attacked from the other stream, which is the source code."

A 2002 study by the Mitre Corp. for the National Institute of Standards and Technology identified more than 230 open source software packages already in use for critical operations within the federal government.

That's why (DHS) is behind it," said Park.

Under the terms of the grant, Coverity and Stanford will build and maintain a system that automatically analyzes more than 40 open source software projects as a nightly regression and publishes defects it finds in a publicly-available bug database.

Tools:

Add www.cioupddate.com to your favorites Add www.cioupddate.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed

• Return to News Index
• Return to www.cioupdate.com Homepage