http://www.news.com/8301-10789_3-9843682-57.html
11 open-source projects certified as secure
Posted by Robert Vamosi
Coverity, which makes automated source-code analysis
tools, announced late Monday its first list of open-source
projects certified as free of the security defects its
static-analysis tools detect.
Eleven projects made the list: Amanda, NTP, OpenPAM,
OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
San Francisco-based Coverity, working in collaboration with
Stanford University and under a contract from the Department
of Homeland Security, is analyzing source code to certify
that open-source projects written in C, C++, and Java are
secure. Coverity has not disclosed the amount of the DHS
contract.
The certification was created so that companies can "select
these open-source applications with even greater
confidence," Coverity said.
The company uses a ladder metaphor in its certification process.
Rung 2, which was announced late Monday and is the most
secure level to date, includes the 11 projects. Rung 1 now
includes 86 projects. Rung 0, the lowest level, currently
lists 173 projects.
In all cases, an open-source project must fix every
vulnerability that Coverity's tools find in its code in order
to move up a rung of the security ladder.
--
Rgds,
Asfihani
http://layangan.com/asfik/blog/