The DHS isn’t all bad (?)

Bruce Schneier points out that the DHS is paying to have some popular open source software scanned for bugs, and then fixing the bugs! Although the articles he links to don’t quite say the same… DHS is providing the scan results and the open source projects are then handling the bugs themselves, according to those sources. Still, it’s downright neighborly of the DHS to do this for us, and thereby improve the quality of software security worldwide, at a rate of 1 fix every two hours since the start of the program in 2006. It’s also nice to see where Linux stands:

Linux came in with far fewer defects than average as did a number of
other open source projects. The version 2.6 of the Linux kernel had a
security bug rate of .127 per thousand lines of code.

(average being approximately 1 defect per thousand lines)

The KDE interface contains 4,712,273 lines of
code, has fixed 1,554 defects, has verified another 25 and has only 65
to go. Gnome contains 430,809 lines of code, has fixed 357 defects,
verified 5 and has 214 to go.

Whew. KDE is huge, but it has fewer bugs-per-line, and it’s doing a better job of fixing those bugs. Go, KDE! You guys rock.

…and the skeptic in me is glad DHS isn’t doing the fixes for us. I’d worry they were slipping some back doors or spyware in. 😉

Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: