Posted on 03/04/2006 4:01:17 PM PST by antiRepublicrat
The authors of a US government-sponsored report claim to have delivered the first reliable guide into judging the safety and reliability of open source software.
The report, backed by the US Department of Homeland Security (DHS), has evaluated 31 popular open source packages searching for defects that will cause "hard crashes" - problems that leave users open to hackers or cause downtime.
And fortunately for many a young Silicon Valley start-up and entrepreneur, the report, conducted by fault tracking specialist Coverity, has effectively given the Linux, Apache, MySQL and Perl/PHP/Python (LAMP) stack a healthy rating.
LAMP "showed significantly better software quality" above the report's baseline with an average of .32 defects per 1,000 lines of code, according to Coverity. The average for open source projects analyzed is .42 per 1,000 lines.
Coverity co-founder Dave Park called the report a first because it provides a single standard to evaluate software from different open source projects. Increasingly, developers use open source from multiple projects to build applications, making it important to provide an overall measurement for things like bugs.
Park told The Register: "This is one clear metric to decide how reliable or secure open source is. No real or proper yardstick existed before."
Coverity's report, Stacking up the LAMP stack: a study of open source quality, was produced as part of a $1.24m, three-year DHS Science and Technology Directorate effort to evaluate and improve the security of open source.
Coverity evaluated 15m lines of open source code with Stanford University's Computer Science Department. The report has identified bugs that can corrupt a machine's memory space, memory leaks, buffer overruns and crashes. Coverity said it would now engage with open source developers to improve code, and identify potential reasons for why some projects have more bugs than others.
BTTT
OSS PING
If you are interested in the OSS ping list please mail me
Yeah, but it's still communism.....
IBM helped the Nazis....
Linus Torvalds parents were communists....
Richard Stallman!!!!
Did I cover everything?
RedFlag, don't forget RedFlag..
Dammit. I always forget about Red Flag. Thanks, comrade.
ping
About time. If open source could ever actually pay for anything, some of this stuff might happen sooner. Next thing you'll be wanting to take up a tax for software, I bet, just for stuff like this.
http://search.yahoo.com/search?p=software+tax+manifesto&ei=UTF-8&fr=FP-tab-web-t&x=wrt
Was there a point somewhere in that?
[ASCII art of Darth Vader, signed "LS"] "He will join us or die."
LOL
If open source could ever actually pay for anything, some of this stuff might happen sooner.
How did you miss it? At long last, some slow forms of accreditation of open source are coming along. Why our government is the one having to pay for it is the question. And if they are, how will it be funded? By taxes, obviously, just as Richard Stallman explains in his open source Manifesto, the bible of the open source zealots. I'm pretty certain I've heard you refer to them as such, before, have I not?
Those are the things I'm hoping to avoid, Stallman and his cronies putting laws and taxes on the books regarding this "free" software. Surely you would agree, on that as well?
^^^^^^^^^^^^^And if they are, how will it be funded? By taxes, obviously^^^^^^^^^^^^^^
I've never seen anybody here on FR as blind as you.
^^^^^^^^^^^^just as Richard Stallman explains in his open source Manifesto, the bible of the open source zealots.^^^^^^^^^^^^^
You should read up on your OSS history. Even with Firefox's market share, Linux is OSS's shining star. OSS really didn't do a whole lot until Linux hit the scene.
My point is that most OSS zealots are not Stallman Kool-Aid drinkers. That minority of users hasn't changed its size much over the years.
You put way too much time into worrying about Stallman. The guy's a hack. More people take Howard Dean seriously, and you see what it gets him.
In what form do you mean certification? Red hat has been Common Criteria/EAL certified for a while, and is currently at EAL4. That is the highest certification you can normally expect for software that was not designed and developed from the beginning for EAL certification (it is prohibitively expensive to retrofit for EAL5).
BTW, Windows Server 2003 just beat Red Hat to EAL4 by a couple of months. But don't gloat, because SuSE beat Microsoft by a much wider margin.
All of this certification was privately funded.
Why our government is the one having to pay for it is the question.
This wasn't an accreditation, just a review. I am against government waste and subsidies, but I can see a justification for this. The government does widely use OSS, so it has a self-interest to see if its software is secure. They can either pay for commercial software and pay extra to ensure an audit is performed, or they can get software for free (OSS) and pay for an audit.
From a taxpayer point of view I like the lower-cost option. Even a relatively small government operation pays more in commercial software licenses than this whole study cost.
I'm pretty certain I've heard you refer to them as such, before, have I not?
Yes, but you lose credibility every time you reference the commie argument.
Those are the things I'm hoping to avoid, Stallman and his cronies putting laws and taxes on the books regarding this "free" software. Surely you would agree, on that as well?
Definitely I agree, but there's a twist. The government should always go with the lowest cost option that can perform the mission. The law technically already states this, but the government continues to waste money on commercial software (in effect a subsidy) where it is not needed using various loopholes.
I've seen numerous government offices where OpenOffice would perfectly suffice, saving millions of my tax dollars. I see MS ISA Server licenses purchased to run firewalls/proxies where a Linux box can do better at a lower cost. I see MS SQL Server installations on W2K3 where a Linux/OSS RDBMS solution would work just fine. And when running directory services, $3,000+, plus more for CALs above 25 users, is just ridiculous. OSS for free, or at least use OS X where you get unlimited users for $1,000.
Absurdity. With 75% of all open source code released under Stallman's license, and a majority of that code having its copyright transferred to Stallman's organization the FSF, he is clearly on the throne of your movement. Linux was but a cheap clone of Unix from a foreigner; it was its release under Stallman's GPL that has given it its rise above BSD.
As for Howard Dean, he's standardized the DNC on GPL software. His right hand man used to work for some Linux company, do you know which one it was?
But not for as long or as high as Unix has, or Windows. You are correct that was privately funded, as all studies of this sort need to be, at least that have their information publicly released. This homeland security report is NOT being privately funded, it is being funded by our taxes, which better not go up.
They can either pay for commercial software and pay extra to ensure an audit is performed, or they can get software for free (OSS) and pay for an audit.
OSS =/= free, unless Richard Stallman gets his way, but if he does we are going to be taxed for it regardless. Policies should be public, but "audits" should be secret and the results kept private to the government, unless changes are warranted.
Even a relatively small government operation pays more in commercial software licenses than this whole study cost.
Doesn't matter, what matters is the principle. Are we going to tax our people and provide them software or services? Is it going to become like the transportation department, or the defense department, or do you like it right where it is, with "homeland security" overseeing all of our software for us?
The government should always go with the lowest cost option that can perform the mission.
Not if it comes from foreigners, or has controversial legal concerns. Open source suffers from both of these issues, as well as a well-earned reputation for having inferior capability, yet being more difficult to operate. There's little proof it's actually "cheaper" either, and the false claim it's somehow "free" was blown to bits long ago.
Of course not, OSS didn't go mainstream commercial until the late 90s, so there was no money for this process (which, BTW, carries zero assurances as to the actual quality of the software).
OSS =/= free
"Open source software equals divided by equals free" WTF does that mean?
Policies should be public, but "audits" should be secret and the results kept private to the government, unless changes are warranted.
Secret audits don't make much sense. And if they're going to change it and distribute it, they have to make their contributions public anyway.
Are we going to tax our people and provide them software or services?
What I see is a government department that uses a certain type of software and is willing to pay to make it more secure. That the software is open source is a bonus for us.
The government currently spends tens of millions of dollars a year on software custom-written for it, and that software usually stays with the government. From a taxpayer point of view, I prefer the OSS option where I get to directly benefit from my tax expenditures.
Not if it comes from foreigners
You mean the thousands of Microsoft employees in India? Oh, it's okay because that's controlled from the US. But wait, Linux is controlled from the US, too.
or has controversial legal concerns
If you mean the Oxley FUD, don't waste your finger strength. Already blown out of the water.
as well as a well earned reputation for having inferior capability, yet being more difficult to operate
You are an amusing little man, yet you test my patience with unproven generalizations.
There's little proof it's actually "cheaper" either, and the false claim it's somehow "free" was blown to bits long ago.
Microsoft-funded TCO studies do probably show a $10,000 Windows directory server installation being cheaper than a free Linux install with LDAP/Kerberos. As far as free, it's a simple fact: no charge, freely editable code, free as in beer and speech.