US pays to make open source safer

$1m plan to root out bugs, and other issues

Open-source software may become more attractive to enterprises, after the US government last week pledged over $1m funding to help root out bugs in projects such as Linux, Mozilla and Apache.

Stanford University, Symantec and source-code testing company Coverity have all been signed up by the US Department of Homeland Security to trawl through open-source code and seek out bugs.

The $1m grant will be released over three years. A key element of the project is to improve the existing Coverity Prevent Linux code-testing tool, increasing the number of projects it supports to over 40 and creating a database of bugs for developers to view. Meanwhile, Symantec is on board to test the scanning tools.

Experts welcomed the initiative. “With the tie-in with Symantec, it should be a valuable service for the open-source community,” said Michael Azoff of analyst Butler Group. “Today open-source software is in the enterprise, and you might as well make it as secure and reliable as possible.”

Laurent Cachal of analyst firm Ovum added that the project should improve the image of non-proprietary software and make firms more comfortable using it.

Meanwhile, Microsoft is stepping up efforts to tighten up its own legacy code, in response to the recent spate of Windows Metafile flaw exploits. The software giant said it is combing through affected code to look for other vulnerabilities that could be exploited by this type of attack.