US Homeland Security to Support Open Source

ScuttleMonkey posted more than 8 years ago | from the read-the-grant-carefully dept.

Security 186

An anonymous reader writes "CNET is reporting that the US Department of Homeland Security is extending its support to open source software. The DHS will be giving Stanford University, Coverity, and Symantec a $1.24 million grant to improve the security of open source software. From the article: 'The Homeland Security Department grant will be paid over a three-year period, with $841,276 going to Stanford, $297,000 to Coverity and $100,000 to Symantec, according to San Francisco-based technology provider Coverity, which plans to announce the award publicly on Wednesday.' It's nice that our tax dollars are being used for the right stuff."


DHS and Open Source? (0, Funny)

Anonymous Coward | more than 8 years ago | (#14444821)


Your MOTHERS Head Asplode! (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14444930)

Such a gay comment. Commit yourself to the barn fire whereby you will no longer exist.
  Good Day, Sir!

Re:DHS and Open Source? (1, Funny)

Anonymous Coward | more than 8 years ago | (#14445249)

Yeah.. I must say, I had my doubts about the whole Department of Homeland Security thing at first. But now that they've embraced open source, I see that I was wrong. It's best to stop worrying, and learn to love Echelon. Well, maybe not Echelon... that's NSA.

Symantec? (5, Insightful)

Anonymous Coward | more than 8 years ago | (#14444825)

Symantec? Open source?? Where?!

Re:Symantec? (4, Insightful)

killmenow (184444) | more than 8 years ago | (#14444872)

I'll add to this...
The DHS will be giving Stanford University, Coverity, and Symantec a $1.24 million grant to improve the security of open source software.
I fail to see how giving Symantec money will improve the security of anything unless we're talking about securities...as in Symantec stock. Once upon a time the name Norton prepended was a good sign. I am not trying to troll or incite flames, but I find Symantec (and McAfee for that matter) sorely wanting these days. I would be leery of running anything with their name attached to it on one of my boxes.

At least they only get $100,000 and the bulk goes to Stanford.

Re:Symantec? (1)

Zzootnik (179922) | more than 8 years ago | (#14444899)

What Occurred to me when I read that is the part about Symantec being a Commercial Software company...They don't release ANYTHING as Open Source, do they?
(If I'm right) Money well spent...Yeah, right-

Re:Symantec? (1)

BCW2 (168187) | more than 8 years ago | (#14444902)

Maybe they will use the money to improve the security of Symantec products? I have removed Norton from 3 customer computers this week due to several variants of the virii that specifically attack Norton. Their code is as sloppy as M$.

Re:Symantec? (1)

SatanicPuppy (611928) | more than 8 years ago | (#14445433)

And twice as bloated.

Not really sure what Symantec could add to open source...Maybe put some work into an antivirus that works on linux natively, which would be closed source, and cost 65 dollars, and sit on the shelves for a year because no one who runs linux would buy a symantec product to run on it.

Definitely a testament to their marketing department though, that their name is "associated" with security to the degree that the government just randomly gives them grants.

Google hopefully. (0)

Anonymous Coward | more than 8 years ago | (#14444876)

http://pack.google.com/pack_installer_required.html [google.com]

If Google can convince Symantec to give away their software, perhaps the next logical leap would be for Google to convince them to create an open source security suite... Or at least contribute to the laundry list of FOSS designed for such a thing.

Re:Symantec? (4, Interesting)

KiloByte (825081) | more than 8 years ago | (#14444888)

Don't underestimate Symantec's relations with Open Source.

They are big. They are strong. They are all negative.

Symantec is known for its FUD campaigns in order to hawk their anti-virus software. They do everything they can to fool people into believing that viruses are as prevalent in the rest of the world as they are in Windows.

Thus, I believe that a dollar given to Symantec is worse than a dollar ripped apart.

Re:Symantec? (4, Interesting)

$rtbl_this (584653) | more than 8 years ago | (#14444954)

They are all negative.

Not all of them. We use Symantec's IDS and AV/anti-spam appliances, both of which are just i386 linux boxes with some proprietary software and a candy-coated front-end. Just because their marketing folk badmouth open source software doesn't mean that their technical staff don't see the advantages.

Re:Symantec? (1)

BuR4N (512430) | more than 8 years ago | (#14445076)

"Symantec is known for its FUD campaigns in order to hawk their anti-virus software. They do everything they can to fool people into believing that viruses are as prevalent in the rest of the world as they are in Windows."

Viruses aren't nearly as common even for Windows as Symantec & co would like us to believe.

Anti virus programs cause more problems than they fix, would not be surprised that they are costing most companies more money over time than a virus running rampant in their network...

Re:Symantec? (2)

lanswitch (705539) | more than 8 years ago | (#14445144)

would not be surprised that they are costing most companies more money over time than a virus running rampant in their network...
Could be true. But I would prefer the occasional problem with the virusscanner (on server or workstation), than one virus running wild over a network without protection.

Absolutely! That $100K.... (0)

Anonymous Coward | more than 8 years ago | (#14445299)

... will be swiftly gobbled up as their "cost" to produce a simple paper saying that everyone needs to keep running Windows and not even think about open source stuff. (It won't be mentioned at all that the real reason they wish for everyone to keep running Windows is because all Windows' insecurities are their primary cash cow.)

Re:Symantec? (1)

Jason Straight (58248) | more than 8 years ago | (#14444944)

Yeah, the last thing I want is my entire linux system bogged down or networking rendered inoperable by symantec wares.

Magic Lantern Payback (0)

Anonymous Coward | more than 8 years ago | (#14445072)

This is payback for Symantec Antivirus NOT disinfecting the Magic Lantern virus.

Re:Symantec? (0)

Anonymous Coward | more than 8 years ago | (#14445322)

Soo.. If they find better means to enslave you, ie by using Open Source Software, that makes them good?

Don't be fooled by the Devil himself if he claims to care about children

Sort of good.. (0, Flamebait)

PrinceAshitaka (562972) | more than 8 years ago | (#14444833)

At least the department of homeland security isn't wasting all of their money. I know, mod me down for posting flamebait.

Re:Sort of good.. (0)

Anonymous Coward | more than 8 years ago | (#14444843)

LOL as a conservative I always appreciate a liberal who knows they are setting themselves up as flame bait. In spite of my political leanings and feelings about DHS, NSA, etc... you gave me a chuckle and a smile this morning. Have a great day... thanks for the laugh... sorry no mod points but I would mod you up 1...

Why "Flamebait"? (4, Informative)

IAAP (937607) | more than 8 years ago | (#14444910)

We've all heard [nationalreview.com] about the wasteful spending by states and municipalities regarding the spending of money thrust upon them by Homeland Security. It's a matter that concerns both sides - a little. Homeland Security has become yet another avenue for pork barrel spending, and as a result, states are getting money that may not help the fight on terrorism. Senate [senate.gov]

At least the department of homeland security isn't wasting all of their money.

I agree. This will promote OSS and help reduce the costs of our Government. So what's the problem with what the parent said?

Re:Sort of good.. (2, Insightful)

Bimo_Dude (178966) | more than 8 years ago | (#14444914)

Looks like you're on the way to a +5 Flamebait (hehehe...)

While I normally am suspicious of almost everything done by DHS, I do see this as a good thing. It seems like a good start, anyway. If only we could get them to put the other 99.997% of their budget (based on their 2005 budget [whitehouse.gov]) behind Open Source...

BIND (4, Interesting)

ehaggis (879721) | more than 8 years ago | (#14444850)

I would like to see the fork BIND takes under DHS. Out of the applications listed, BIND must be the most formidable for securing and utilizing in a secure environment. This could be a boon for the overall reliability of the internet.

Err wait a second. (1, Funny)

lisany (700361) | more than 8 years ago | (#14444851)

Where's the conspiracy here? Is it a good thing that DHS is supporting open source? Boy, I can't wait til the talking heads get ahold of this.

Re:Err wait a second. (1)

CreepingDeath (17019) | more than 8 years ago | (#14444864)

I'd like to know what Symantec has to do with open source, though. Maybe it's just pity money since their software sucks.

Re:Err wait a second. (0)

Anonymous Coward | more than 8 years ago | (#14444894)

Only the regular government porkbarrel gravy train.

Just don't be surprised if Stanford uses the money to buy a new building or something.

Re:Err wait a second. (4, Insightful)

kfg (145172) | more than 8 years ago | (#14444973)

Where's the conspiracy here?

Wait for it, wait for it!

Is it a good thing that DHS is supporting open source?

They are not supporting open source. They are supporting commercial code which can be applied against open source code.

The open source developers and their code base are left to go scratch.


Re:Err wait a second. (4, Informative)

IAAP (937607) | more than 8 years ago | (#14445018)

FTFA: Programmers working on the Linux operating system, Apache Web server, BIND Internet infrastructure software and Firefox browser, for example, will be able to fix security vulnerabilities flagged by the system before their code becomes part of a released application or operating system.

And: This could be a boon for open-source security, said Stacey Quandt, an analyst with Aberdeen Group. "The benefit for open source is that it enables it to be up to date with commercial technology innovation," she said.

Your point FTFA: "Why does the DHS think it is worthwhile to pay for bugs to be found, but has made no provision to pay for them to be fixed?"

I agree that it's kind of shitty that money isn't going to OSS. Then again, they're getting free security checking that can be applied and distributed for free. Hopefully, someone in Gov. will see the light and spend some money on OSS to have the security holes fixed. Donations to the OSS organizations affected by the screening?

Re:Err wait a second. (1)

gnum (897315) | more than 8 years ago | (#14445468)

Hopefully, someone in Gov. will see the light and spend some money on OSS to have the security holes fixed.

Yeah right. Like we need Big Brother fixing our security holes.

Re:Err wait a second. (1)

Dunbal (464142) | more than 8 years ago | (#14445062)

They are supporting commercial code which can be applied against open source code.

      1.2M for a program that scans the codebase for the words "bomb", "terrorism" and "Al Quaeda"...

Good Start (5, Interesting)

Artie Dent (929986) | more than 8 years ago | (#14444859)

"The money is going to provide them with things they need to fix the bugs, which is bug reports. That is a lot better than they have now, which is nothing," While I agree with Engler's comment here, I also have to wonder, without proper funding to fix these bugs, what good will it do? And if a list of bugs and exploits comes out on well used Open Source Software, without the means to fix them, and these lists are leaked, it could create havoc.

Re: Good Start (1)

Alwin Henseler (640539) | more than 8 years ago | (#14445005)

I also have to wonder, without proper funding to fix these bugs, what good will it do? And if a list of bugs and exploits comes out on well used Open Source Software, without the means to fix them, and these lists are leaked, it could create havoc.

Think of it as an ongoing effort. Not 'lots of software checked, and at the end of it all, results published', but more 'software A checked, results reported to maintainers, software B checked, (..), new version of software A checked (again)' and so on until funding runs out.

And fixing bugs won't be much of a problem I think. The libre software community has shown it knows how to handle bug reports just fine. Pinpointing bugs (especially ones you may not even know to exist, as opposed to finding the cause of a known problem) is the hard part. Once found, producing a patch is relatively easy. Heck, some fixes may be so easy/simple/obvious, that they come with the bug reports.

What makes me less happy, is that lots of taxpayers' money is channeled into a one-shot effort. Instead of pouring $1.24m into screening libre software projects X, Y and Z, why not put that money into creating a libre version of a screening tool? Such that projects X, Y, Z, B, H and G can use it themselves? And can keep doing so after funding is cut. Would serve the public better, I think (and cheaper in the long run).

Source code analysis tools (5, Interesting)

grimJester (890090) | more than 8 years ago | (#14444868)

The real story seems to be that the money is granted to develop and test source code analysis tools, with Stanford doing development and Symantec testing. Seems like a potentially good way to catch human errors in coding. Instant feedback for the sloppy coder would be nice.

Buffer overflows are the easy part (1)

lheal (86013) | more than 8 years ago | (#14445071)

I'd love to have array bounds checking and built in to the compiler, so it would complain when I leave a loop unbounded.

But things like race conditions in a multithreaded app, abuse of least privilege, or other runtime errors seem more difficult.

The cynic in me says that it's Symantec doing it, so they'll make a product you have to leave running all the time to be "secure". They're just doing the testing part, though. Besides, what would they call it, Symantec Antisecurity?

Yeah, more money (1)

waif69 (322360) | more than 8 years ago | (#14444870)

I understand that most open source is written by people who care and are either college students or white collar workers who have time either at work (employer consenting), or at home if they have little family life.

But, I think a little squirt of the green will help to encourage those who permit this behaviour of the programmers to feel a little bit better and increase the likelihood of permitting if not encouraging such behaviour in the future.

Not necessarily so... (4, Informative)

meringuoid (568297) | more than 8 years ago | (#14444901)

I understand that most open source is written by people who care and are either college students or white collar workers who have time either at work (employer consenting), or at home if they have little family life.

Most open source, in terms of sheer number of projects or lines of code? Probably. But in terms of usage?

The major open-source projects have got corporate backing now. Linux, for instance? Lots of work being done on that by IBM, in addition to the employees of the likes of Red Hat or SuSE. Similarly, I believe AOL has been backing Mozilla lately, and the number of old-skool Unix utilities that contain copyrights of the University of California is enormous - after all, they wrote BSD.

It's not just anarchist hackers now. Open source has gone commercial in a really big way.

DHS, Friend or foe (0)

Anonymous Coward | more than 8 years ago | (#14444877)

I'm glad the government is supporting the open source initiative. However, when I see that the Department of Homeland Security is getting involved in something I always wonder what is their angle? Are they really attempting to harden Open Source or do they have a more nefarious objective? Sure, Open Source would be hard to co-opt but would it be impossible?

anyway, my two cents as an Anonymous Coward so the DHS has to do a (very) little work to find me :D

your tax dollars at work? (0)

Anonymous Coward | more than 8 years ago | (#14444881)

IMHO, anyone that thinks this will improve anything is completely naive. All this will serve to do is improve the lifestyles of the overly affluent.

I've yet to personally see one good thing come from these excessive pay outs to big business or big education. The majority of such funding is spent creating and then supporting the lavish lives of the leisure class.

The rich play, the poor pay.

This is like... (3, Funny)

PFactor (135319) | more than 8 years ago | (#14444889)

...Satan supporting the bible.

Re:This is like... (1, Offtopic)

waif69 (322360) | more than 8 years ago | (#14444897)

...and he wouldn't? He is mentioned there enough times to use it for PR.

Re:This is like... (0, Offtopic)

houghi (78078) | more than 8 years ago | (#14445069)

Indeed. If I kicked out God of heaven, I would let people kill each other just to obey me as well.

Re:This is like... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14445168)

C'mon, he's the best friend the church has. He's kept all the masses in fear for how many years?

Re:This is like... (0, Troll)

OreoCookie (814421) | more than 8 years ago | (#14445648)

You're an ass. In case you just fell off the turnip truck yesterday, let me remind you why we have a Department of Homeland Security.

November 4
Iranian radicals seize the US Embassy in Tehran, taking sixty-six American diplomats hostage. The crisis continues until 20 January 1981 when the hostages are released by diplomatic means.

August 13
Air Florida flight from Key West to Miami, United States, hijacked by seven Cubans and flown to Cuba, where they released their hostages and were taken into custody. Six further US airliners were hijacked to Cuba over the next month. All the passengers were freed without harm. Three passengers were killed when Cubans hijacked an aircraft in Peru and demanded to be flown to the United States.

August 31
Large bomb explodes in the car park of the USAF base at Ramstein, Germany, injuring twenty people. The Red Army Faction claims responsibility.
September 15
Red Army Faction terrorists make unsuccessful rocket attacks on the car of US Army commander in West Germany, General Fred Kroesen.
December 4
Three American nuns and one lay missionary were found murdered outside San Salvador, El Salvador. They were believed to have been assassinated by a right-wing death squad.

April 8
A U.S. citizen was seized by the Revolutionary Armed Forces of Colombia (FARC) and held for ransom.
April 18
Sixty three people, including the CIA's Middle East Director, are killed and 120 injured in a 400 lb. suicide truck bomb attack on the US Embassy in Beirut, Lebanon. The driver is killed. Responsibility is claimed by Islamic Jihad.
May 25
A U.S. Navy officer is assassinated by the Farabundo Marti National Liberation Front.
October 23
Simultaneous suicide truck bombs on American and French compounds in Beirut, Lebanon. A 12,000 lb bomb destroys a US Marine Corps base killing two hundred and forty one Americans; another fifty eight Frenchmen are killed when a 400 lb device destroys one of their bases. Islamic Jihad claims responsibility.
November 15
US Naval officer shot by November 17 terrorist group in Athens, Greece, when his car stopped at traffic lights.
December 12
US Embassy in Kuwait targeted by Iraqi Shia terrorists who attempted to destroy the building with a truck bomb. The attack was foiled by guards and the device exploded in the Embassy fore-court killing five people.
December 17
US Army Brigadier General James Dozier kidnapped from his home in Verona, Italy, by Italian Red Brigades terrorists. He was held for forty five days until Italian special forces rescued him on January 26, 1982.

March 16
CIA station chief in Beirut, Lebanon, William Buckley, was kidnapped by the Iranian backed Islamic Jihad. He was tortured and then executed by his captors.
April 12
Eighteen US servicemen killed and eighty three people injured in bomb attack on restaurant near USAF base in Torrejon, Spain.
September 20
Suicide bomb attack on US Embassy in East Beirut kills twenty three people and injures twenty one others. The US and British ambassadors were slightly injured in the explosion which was attributed to the Iranian backed Hezbollah group

February 7
Under the orders of narcotrafficker Rafael Cero Quintero, Drug Enforcement Administration agent Enrique Camarena Salazar and his pilot were kidnapped, tortured, and executed.
March 16
US journalist Terry Anderson is kidnapped in Beirut, Lebanon, by Iranian backed Islamic radicals. He is released in December 1991.
June 9
US academic, Thomas Sutherland, at the American University, Beirut, Lebanon kidnapped by Islamic terrorists and held until November 18, 1991.
June 14
A Trans World Airlines flight was hijacked en route to Rome from Athens by two Lebanese Hizballah terrorists and forced to fly to Beirut. The eight crew members and 145 passengers were held for 17 days, during which one American hostage, a U.S. Navy diver, was murdered. After being flown twice to Algiers, the aircraft was returned to Beirut after Israel released 435 Lebanese and Palestinian prisoners.
August 8
Three US servicemen and seventeen injured in Red Army Faction bomb and gun attack on Rhein-Main airbase, Germany.
September 12
US academic at the American University in Beirut, Joseph Cicippio, seized in Beirut by Iranian backed Islamic terrorists. He is released on December 1, 1991.
October 7
Four Palestinian Liberation Front terrorists seized an Italian cruise liner in the eastern Mediterranean Sea, taking more than 700 hostages. One U.S. passenger was murdered before the Egyptian Government offered the terrorists safe haven in return for the hostages' freedom.
October 21
American businessman Edward Tracy kidnapped in Lebanon by Islamic terrorists and held for almost five years until August 11, 1991.

March 30
A Palestinian splinter group detonated a bomb as TWA Flight 840 approached Athens Airport, killing four U.S. citizens.
April 5
Two U.S. soldiers were killed, and 79 American servicemen were injured in a Libyan bomb attack on a nightclub in West Berlin, West Germany.

January 24
American citizens Jesse Turner and Alann Steen were seized in Beirut by Islamic terrorists. Turner was held until October 22, 1991 and Steen was released on December 3, 1991.
April 14
US Navy club in Naples, Italy, bombed by Japanese Red Army killing five.
April 24
Sixteen U.S. servicemen riding in a Greek Air Force bus near Athens were injured in an apparent bombing attack, carried out by the revolutionary organization known as 17 November.

February 17
US Marine Corps Lieutenant Colonel W. Higgens, kidnapped and murdered by the Iranian backed Hezbollah while serving with the United Nations Truce Supervisory Organisation in southern Lebanon.
April 14
The Organization of Jihad Brigades exploded a car bomb outside a USO Club in Naples, Italy, killing one U.S. sailor.
June 28
US Naval Attache killed in Athens, Greece, by Nov 17th terrorist group.
August 8
Pakistan president Zia Al Haq and US ambassador are killed, along with thirty seven other people, when a bomb explodes on a C-130 Hercules aircraft just after take off from Bahawalpu, Pakistan.
December 21
Pan Am Boeing 747 blown up over Lockerbie, Scotland, by a bomb believed to have been placed on the aircraft at Frankfurt Airport, Germany. All 259 people on the aircraft were killed by the blast.

April 21
The New People's Army (NPA) assassinate Col. James Rowe in Manila. The NPA also assassinate two U.S. government defense contractors in September.

January 15
The Tupac Amaru Revolutionary Movement bombed the U.S. Embassy in Lima, Peru.
May 13
The New People's Army (NPA) killed two U.S. Air Force personnel near Clark Air Force Base in the Philippines.

January 17-21
A senior official of the corporation Philippine Geothermal was kidnapped in Manila by the Red Scorpion Group, and two U.S. businessmen were seized independently by the National Liberation Army and by Revolutionary Armed Forces of Colombia (FARC).

January 31
Revolutionary Armed Forces of Colombia (FARC) terrorists kidnapped three U.S. missionaries.
February 26
World Trade Center in New York, USA, attacked by a massive bomb planted by Islamic terrorists.
April 14
Iraqi intelligence service attempt to assassinate former US President, George Bush, during a visit to Kuwait.

September 23
FARC rebels kidnapped U.S. citizen Thomas Hargrove in Colombia.

March 8
Two unidentified gunmen killed two U.S. diplomats and wounded a third in Karachi, Pakistan.
July 4
In India, six foreigners, including two U.S. citizens, were taken hostage by Al-Faran, a Kashmiri separatist group. One non-U.S. hostage was later found beheaded.
August 21
Hamas claimed responsibility for the detonation of a bomb in Jerusalem that killed six and injured over 100 persons, including several U.S. citizens.
September 13
A rocket-propelled grenade was fired through the window of the U.S. Embassy in Moscow, as an apparent retaliation for U.S. strikes on Serb positions in Bosnia.
November 13
Seven foreigners, including a number of US servicemen, are killed in bomb attack on National Guard training centre at Riyadh, Saudi Arabia.

January 19
Revolutionary Armed Forces of Colombia (FARC) guerrillas kidnapped a U.S. citizen and demanded a $1 million ransom. The hostage was released on May 22.
February 15
Unidentified assailants fired a rocket at the U.S. embassy compound in Athens, causing minor damage to three diplomatic vehicles and some surrounding buildings. It is believed to have been carried out by the 17 November group.
February 16
Six alleged National Liberation Army (ELN) guerrillas kidnapped a U.S. citizen in Colombia. After 9 months, the hostage was released.
June 25
Islamic radical terrorists opposed to the western military presence in the Gulf region, explode a truck bomb next to a USAF housing area at Dhahran, Saudi Arabia, killing 19 American servicemen and injuring 385 more.
November 1
In Sudan, a breakaway group from the Sudanese People's Liberation Army (SPLA) kidnapped three International Committee of the Red Cross (ICRC) workers, including a U.S. citizen, an Australian, and a Kenyan. On December 9, the rebels released the hostages in exchange for ICRC supplies and a health survey for their camp.
December 11
Five armed men claiming to be members of the Revolutionary Armed Forces of Colombia (FARC) kidnapped and later killed a U.S. geologist at a methane gas exploration site in La Guajira Department
December 17
Twenty-three members of the Tupac Amaru Revolutionary Movement (MRTA) took several hundred people hostage at a party given at the Japanese Ambassador's residence in Lima, Peru. Among the hostages were several U.S. officials, foreign ambassadors and other diplomats, Peruvian Government officials, and Japanese businessmen. The group demanded the release of all MRTA members in prison and safe passage for them and the hostage takers. The terrorists released most of the hostages in December but held 81 Peruvians and Japanese citizens for several months.


February 14
Six armed Colombian guerrillas kidnapped a U.S. oil engineer and his Venezuelan pilot in Apure, Venezuela. The kidnappers released the Venezuelan pilot on February 22. According to authorities, the FARC is responsible for the kidnapping.
February 23
A Palestinian gunman opened fire on tourists at an observation deck atop the Empire State Building in New York City, killing a Danish national and wounding visitors from the United States, Argentina, Switzerland, and France before turning the gun on himself. A handwritten note carried by the gunman claimed this was a punishment attack against the "enemies of Palestine."
February 24
National Liberation Army (ELN) guerrillas kidnapped a U.S. citizen employed by a Las Vegas gold corporation who was scouting a gold mining operation in Colombia. The ELN demanded a ransom of $2.5 million.
March 7
FARC guerrillas kidnapped a U.S. mining employee and his Colombian colleague who were searching for gold in Colombia. On November 16, the rebels released the two hostages after receiving a $50,000 ransom.
October 30
Al-Sha'if tribesmen kidnapped a U.S. businessman near Sanaa. The tribesmen sought the release of two fellow tribesmen who were arrested on smuggling charges and several public works projects they claim the government promised them. They released the hostage on November 27.
November 12
Two unidentified gunmen shot to death four U.S. auditors from Union Texas Petroleum Corporation and their Pakistani driver after they drove away from the Sheraton Hotel in Karachi. The Islami Inqilabi Council, or Islamic Revolutionary Council, claimed responsibility in a call to the U.S. Consulate in Karachi. In a letter to Pakistani newspapers, the Aimal Khufia Action Committee also claimed responsibility.


March 21-23
FARC rebels kidnapped a U.S. citizen in Sabaneta, Colombia. FARC members also killed three persons, wounded 14, and kidnapped at least 27 others at a roadblock near Bogota. Four U.S. citizens and one Italian were among those kidnapped, as well as the acting president of the National Electoral Council (CNE) and his wife.
August 7
US Embassies in Nairobi, Kenya, and Dar-es-Salem, Tanzania, heavily damaged by massive bomb attacks. US intelligence blames Islamic groups linked to Saudi dissident Osama Bin Laden.
November 15
Armed assailants followed a U.S. businessman and his family home in Cundinamarca Department and kidnapped his 11-year-old son after stealing money, jewelry, one automobile, and two cell phones. The kidnappers demanded $1 million in ransom. On January 21, 1999, the kidnappers released the boy.
December 28
Yemeni militants kidnap a group of western tourists, including 12 Britons, 2 Americans, and 2 Australians on the main road to Aden. Four victims were killed during a rescue attempt the next day.

February 25
FARC kidnapped three U.S. citizens working for the Hawaii-based Pacific Cultural Conservancy International. On March 4, the bodies of the three victims were found in Venezuela.
March 1
150 armed Hutu rebels attacked three tourist camps in Uganda, killed four Ugandans, and abducted three U.S. citizens, six Britons, three New Zealanders, two Danish citizens, one Australian, and one Canadian national. Two of the U.S. citizens and six of the other hostages were subsequently killed by their abductors.
March 23
Armed guerrillas kidnapped a U.S. citizen in Boyaca, Colombia. The National Liberation Army (ELN) claimed responsibility and demanded $400,000 ransom. On July 20, ELN rebels released the hostage unharmed following a ransom payment of $48,000.
May 30
In Cali, Colombia, armed ELN militants attacked a church in the neighborhood of Ciudad Jardin, kidnapping 160 persons, including six U.S. citizens and one French national. The rebels released approximately 80 persons, including three U.S. citizens, later that day.
June 27
In Port Harcourt, Nigeria, armed youths stormed a Shell oil platform, kidnapping one U.S. citizen, one Nigerian national, and one Australian citizen, and causing undetermined damage. A group calling itself "Enough is Enough in the Niger River" claimed responsibility.
August 4
An Armed Forces Revolutionary Council (AFRC) faction kidnapped 33 UN representatives near Occra Hills, Sierra Leone. The hostages included one U.S. citizen, five British soldiers, one Canadian citizen, one representative from Ghana, one military officer from Russia, one officer from Kyrgyzstan, one officer from Zambia, one officer from Malaysia, a local Bishop, two UN officials, two local journalists, and 16 Sierra Leonean nationals.
December 23
Colombian People's Liberation Army (PLA) forces kidnapped a U.S. citizen in an unsuccessful ransom effort.

June 27
In Bogota, Colombia, ELN militants kidnapped a 5-year-old U.S. citizen and his Colombian mother, demanding an undisclosed ransom.
August 12
In the Kara-Su Valley, the Islamic Movement of Uzbekistan took four U.S. citizens hostage. The Americans escaped on August 12.
October 12
In Sucumbios Province, Ecuador, a group of armed kidnappers led by former members of defunct Colombian terrorist organization the Popular Liberation Army (EPL), took hostage 10 employees of Spanish energy consortium REPSOL. Those kidnapped included five U.S. citizens, one Argentine, one Chilean, one New Zealander, and two French pilots who escaped 4 days later. On January 30, 2001, the kidnappers murdered American hostage Ronald Sander. The remaining hostages were released on February 23 following the payment of $13 million in ransom by the oil companies.
October 12
In Aden, Yemen, a small dinghy carrying explosives rammed the destroyer U.S.S. Cole, killing 17 sailors and injuring 39 others. Supporters of Usama Bin Ladin were suspected.
December 30
A bomb exploded in a plaza across the street from the U.S. embassy in Manila, injuring nine persons. The Moro Islamic Liberation Front is allegedly responsible.


September 11
Two hijacked airliners crashed into the twin towers of the World Trade Center. Soon thereafter, the Pentagon was struck by a third hijacked plane. A fourth hijacked plane, suspected to be bound for a high-profile target in Washington, crashed into a field in southern Pennsylvania. More than 3,000 U.S. citizens and other nationals were killed. President Bush and Cabinet officials indicated that Usama Bin Laden was the prime suspect and that they considered the United States in a state of war with international terrorism.

Re:This is like... (1)

vettemph (540399) | more than 8 years ago | (#14445731)

...Satan supporting the bible.

Of course Satan supports the bible. It's a mutual relationship. Neither would exist without the other. Then again, the bible could exist without Satan but the Bible wanted a "Bad guy" character for scare-mongering purposes.

Wow. (4, Funny)

Capt James McCarthy (860294) | more than 8 years ago | (#14444890)

You mean a whole 1.24 million dollars. Talk about pushing the budget.

Wow... but is it right? (2, Insightful)

MyNameIsFred (543994) | more than 8 years ago | (#14445078)

>You mean a whole 1.24 million dollars. Talk about pushing the budget
Your snide comment misses the point. What was the scope of work proposed? Does 1.24 million support the work they intend to do? Saying they should spend more without a reason is dumb.

Symantec? (3, Insightful)

marcushnk (90744) | more than 8 years ago | (#14444892)

What has Symantec to do with OSS?
Surely there is a group/company more appropriate than Symantec to scrub for bugs?!?

Coming from those who advised not to use MSIE... (0)

Anonymous Coward | more than 8 years ago | (#14444903)

... this is another step in the right direction. Love them or hate them, this is a Good Thing®.

My image today is "impress." Sounds about right.

Socialism? (1)

Threni (635302) | more than 8 years ago | (#14444909)

>It's nice that our tax dollars are being used for the right stuff."

I guess it'll trickle down from commercial organisations to poor people...

Re:Socialism? (1)

llamadillo (936949) | more than 8 years ago | (#14445033)

Right. 'Cause Stanford's a commercial organization. Look at how much profit they got for becoming the second node on ARPANET. Not to mention how much a school like Dartmouth got for coming up with a concept like Blitzmail, which gave free email to its students long before most people even knew what it was. Thanks for reminding me about how rich all of those academicians are.

Re:Socialism? (1)

Threni (635302) | more than 8 years ago | (#14445133)

And Symantec?

Re:Socialism? (1)

llamadillo (936949) | more than 8 years ago | (#14445530)

>And Symantec?

...is being paid USD$100K over 3 years. That's less than a drop in the bucket for a corporation, and less than an eighth of what's being paid to the NPO (Stanford). That's the basis for my disagreement with your original post.

Granted, I'm sure Symantec will be able to reserve some sort of right to license any product(s) that is/are generated via the joint venture, which could potentially more than make up that difference.

Still, I think the benefit of having a broader degree of input (academia/NPO and corporations) outweighs the perceived (by some) negative consequence of having a government institution pay a corporation for input on OpenSource tools. Stating that a $100K grant to a corporation to develop tools to secure the online world isn't money being "used for the right stuff" because it's not going to help the poor is sort of a bizarre statement. Especially if that $100 laptop ever takes off :)

6 articles in a row from Scuttlemonkey (-1)

Anonymous Coward | more than 8 years ago | (#14444915)

And none submitted by BeatlesBeatles? Have we scared him off?

Wait... Symantec? (4, Funny)

ettlz (639203) | more than 8 years ago | (#14444925)

They have coders working for them now?!

Re:Wait... Symantec? (1)

zazzel (98233) | more than 8 years ago | (#14444982)

Actually, it's just a new honorary title for some of their marketing staff :-)

Re:Wait... Symantec? (1)

ettlz (639203) | more than 8 years ago | (#14445059)

>Actually, it's just a new honorary title for some of their marketing staff :-)

That figures. I mean, no coder would ever produce something like Norton AntiVirus or Personal Firewall. People tend to commit suicide before the self-esteem gets that low.

I'm really not sure I want their grues running amok all over Free code.

OSS what does it mean? (4, Interesting)

Elixon (832904) | more than 8 years ago | (#14444940)

OSS? What is it? Does it mean that Symantec will produce/improve OSS software and all related patents that will be registered (thanks to your taxes) will be released to public too?

Or is it that you sponsor OSS but proprietary software and further patent vault of privately held corporations?

Is it good to "sponsor" a privately held company in the field where it fights with competition?

Precursor to AI? (1)

Jaysyn (203771) | more than 8 years ago | (#14444943)

The tech behind what they are doing seems pretty neat. How long before we have software writing bugfree software? How much farther behind that (with hardware keeping up) is true heuristical AI?


Re:Precursor to AI? (1, Funny)

Dunbal (464142) | more than 8 years ago | (#14445042)

>How long before we have software writing bugfree software?

Man we don't even have PEOPLE writing bug free software... so picture the bug in the bug free software writer that introduces bugs....

Looks like someone has a well-placed friend (4, Insightful)

2Bits (167227) | more than 8 years ago | (#14444955)

Ok, so this is a grant. Does it mean that any software developed as a result of this grant will be open-sourced, and publicly available to all, free of charge? If not (and everything indicates that it won't be), I'd say, someone has a well-placed friend and got free money to develop their own proprietary software. Yeah, it will scan major open source softwares, and yeah, the database will be public (?), but then the tools from the grant money are still proprietary.

I thought only China has "guanxi" problem?

Re:Looks like someone has a well-placed friend (1)

darjen (879890) | more than 8 years ago | (#14445489)

These were my thoughts exactly; this is just another government handout. Now they will be getting their dirty fingers into open source and mucking it up just like everything else they do.

Re:Looks like someone has a well-placed friend (0)

Anonymous Coward | more than 8 years ago | (#14445531)

Yes it will! If you read the 678 page grant printed in 3 point font size you will see in section 4468.7 that everything will be open sourced right after the binary modules supplied by the government are added to the project.

Oh and the little section that calls for the death penalty for running a disassembler on that binary module is just after it.

Kind of like the WMA exploit. Smells HARD like a fricking back door to me. It was intentional, the image carries the payload? Someone found an NSA backdoor in windows and exploited it.

How do you think they were getting their secret tracking software on people's computers?

commitment (1)

slashk (519084) | more than 8 years ago | (#14444961)

$1.2 Million doesn't seem like a whole lot, I hate to say.
Yes, it is a statement that DHS is supporting open source, but that's about it.
That represents like .01% of the investment behind Vista, and probably .05% of the investment behind security in Vista.

In any case, I hope they spend it well.
Considering that about 50% of the money going to Stanford goes to 'overhead', that leaves enough for about 3 FT programmers over the 3 year period.
3 FT programmers over 3 years (maybe 4 if you get them cheap), is a literal drop in the bucket.
Again, MS spends more on MSDN Channel 9 than this.

analysis tools? (1)

slashk (519084) | more than 8 years ago | (#14444996)

last time i checked, most of linux and its accompanying OSS was written in the C programming language.

are they proposing building a 'i think know what you meant' version on lint or something?

if they can do this, then they deserve the wolf prize, and the nobel prize and some new prize.

kind of reminds me of a project i saw (run by a standard cs grad-student no less), to automatically convert C libraries into web services.
they got a little bit stuck when they moved past integers and had to deal with pointers

Symantec? (1)

Evro (18923) | more than 8 years ago | (#14445015)

The money going to Stanford will certainly be put to good use, and I don't know anything about Coverity, but why would we give money to Symantec? They're ostensibly a (private) "security" company, and seem to be raking in money, so why do they need grant money? I don't know about anyone else, but outside of Norton Antivirus I don't see what Symantec really has to do with security these days. Most people I've spoken to find products like Zone Alarm better than the Symantec offerings for end-user firewalls. It just seems like they're more of a one-trick pony - Windows antivirus - so why would they even be considered for "Open Source Security"?

Coverity == Stanford (1)

vs (21446) | more than 8 years ago | (#14445164)

FWIW, Coverity is a spin-off of Dawson Engler's work at Stanford.

OpenBSD (0, Flamebait)

Anonymous Coward | more than 8 years ago | (#14445021)

The list of open-source projects that Stanford and Coverity plan to check for security bugs includes Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL, Coverity said.

Most of them need a lot of work. However why do I get the feeling that when they get to OpenBSD, they will realise that:

1. The version of Apache OpenBSD are maintaining will be the best to focus on, instead of Apache proper.
2. BIND really needs a good going over.
3. Ethereal ditto.
4. KDE ditto.
5. Linux should not be used, as it is beyond economical repair.
6. Firefox needs a good going over.
7. FreeBSD has awesome performance but is very worthy of a good security audit.
8. MySQL was a mistake and PostgreSQL should have been chosen.
9. and OpenBSD should get the wide scale recognition it deserves and take the position which Linux has been fraudulently occupying for far too long.

Re:OpenBSD (3, Insightful)

vmalloc_ (516438) | more than 8 years ago | (#14445925)

Amen, man. Here's a DHS security initiative that would have cost nothing: Switch to OpenBSD if security is a concern, and check periodically for security advisories.

This spending is just more pork barrel crap that will probably not accomplish anything and will just get pocketed by somebody. Security doesn't just get fixed with a couple million bucks and a year of coding, it's an ongoing long term process, and the #1 problem with security today is lack of education and/or indifference on security issues, NOT a lack of pork barrel spending.

Potential Funding for Twelve Steps in TrustABLE IT! (2, Insightful)

NZheretic (23872) | more than 8 years ago | (#14445028)

See Twelve Step TrustABLE IT : VLSBs in VDNZs From TBA [blogspot.com].

Stanford is also the home of the Meta-level Compilation (MC) project [stanford.edu], a useful auditing tool for trusted build agents.

Now that Microsoft is getting into the signature and behaviour based antivirus industry, maybe Symantec could turn its pattern matching technology to checking source code instead of binaries.

And why again is Symantec trustworthy ? (5, Interesting)

CaptainZapp (182233) | more than 8 years ago | (#14445074)

Being one of the companies not detecting the infamous Sony rootkit [wired.com] I'd be really interested to know why Symantec should be trusted for anything security related.

As far it concerns me I deeply distrust all "security companies" since this little incident.

More ScuttleMonkey? (-1, Offtopic)

amightywind (691887) | more than 8 years ago | (#14445077)

Yesterday CmdrTaco takes the unusual step of explaining his rationale behind supporting spam submitters and link whores like ScuttleMonkey. He receives a ton of replies expressing dissatisfaction with the practice and suggesting remedies to the problem. What do we get today? 6 more ScuttleMonkey submissions. Am I missing something?

Re:More ScuttleMonkey? (-1)

Anonymous Coward | more than 8 years ago | (#14445113)


You don't know WTF you're talking about (-1, Offtopic)

brunes69 (86786) | more than 8 years ago | (#14445116)

Nice try to hop on the bandwagon of an issue you are obviously ignorant to.

ScuttleMonkey didn't post *any* stories, he is an editor, he merely *approved* them. No one gives a rat's ass if ScuttleMonkey approves a large number of stories in a day, if they are good then it just means he is doing his job.

The whole issue surrounds **Beatles-Beatles** and how every one of his submissions that are approved seem to go through ScuttleMonkey, and that he always links to a beatles-oriented site, in what is obviously a grab for PageRank. Many feel that there seems to be some kind of back-patting going on between **Beatles-Beatles** and ScuttleMonkey (why is it always ScuttleMonkey that approves his submissions? Why do so many of his submissions get approved?)

So until you know the *real* issue, go back to sleep. There is nothing wrong with this article.

Re:You don't know WTF you're talking about (1)

VMEbus (873863) | more than 8 years ago | (#14445175)

"Many feel that there seems to be some kind of back-patting going on between **Beatles-Beatles** and ScuttleMonkey"

cmdrTaco explained this yesterday by the fact that ScuttleMonkey works the night shift, which is the timeframe BB submitted most all his articles.

This also explains why the last 6 stories have been posted by SM.

Re:You don't know WTF you're talking about (-1, Troll)

amightywind (691887) | more than 8 years ago | (#14445331)

I think my criticism that there is cronyism in the administration of this site is valid.

Nice... (1)

BearCave (933225) | more than 8 years ago | (#14445101)

but quite political.

This is just a gesture, nothing more. Symantec has had its head up its tail for so long it thinks that's what the world looks like.

Leave it to the government to spend money just to make a statement that could possibly have more negative ramifications than positive. If there is no game plan or drive to a specific goal opponents will be more successful at blowing the results in another direction. This does smack of a feeble attempt by a do-gooder(s).

FUD reporters will have a field day (2, Insightful)

houghi (78078) | more than 8 years ago | (#14445117)

I can just see the article they will write:

The unsafe Linux, which we reported on before is nearing its end. In a last struggle to survive, the Heimat Security steps in, because the Linux community is unable to solve the security leaks themselves. The testing will be done by Symantec with closed source as to guarantee the quality open source themselves is unable to give.

This was a broadcast from the Heimat Security Newspaper approved press.
Keep our nation free by supporting the companies that will fight for your real freedom. The freedom to consume.

(Go on. Mod me down. I have Karma to burn.)

Come, Sherman, to the Wayback Machine! (0)

Anonymous Coward | more than 8 years ago | (#14445123)

This is not news.

The US government and the military in particular has required documentation of every function and procedure of software they use, down to what it does and how it does it. Using open source software with freely available source code isn't much of a stretch.

Many moons ago, in fact, Microsoft was forced to remove the easter eggs from Windows XP because the military wouldn't touch it if it had undocumented functions - even frivolous ones.

Oxymorons (2, Insightful)

delire (809063) | more than 8 years ago | (#14445128)

The last thing Symantec can afford is the proliferation of secure operating systems.

They'd do better offering money to Linux/*BSD kernel development or the Mozilla Foundation (for instance).

Automatic Code Error spotting (1)

MECC (8478) | more than 8 years ago | (#14445163)

So, if they'll improve a computer program that spots errors in code (which I suppose will benefit all, not just OSS), will they be able to develop a computer program to fix the errors? Or does that already exist?

We'll need the puny humans for what, exactly, again? Oh, that's right, to build the hardware...

Re:Automatic Code Error spotting (1)

conteXXt (249905) | more than 8 years ago | (#14445225)

Build? I am sure you meant prepare the design for the automated tools that build hardware.

I am fairly sure nobody is hand building much of what is in a computer.

Asians have small hands but not that small. (It's a joke)

Why? (0)

Anonymous Coward | more than 8 years ago | (#14445273)

Why didn't they just use the version of Linux that the NSA wrote?

Open source (2, Insightful)

catahoula10 (944094) | more than 8 years ago | (#14445280)

It seems logical to me that if Symantec wants to be involved with "Open Source" that they should become open source first.

Then maybe the open source community can help them with some of their problems like this one:

"Symantec has admitted its flagship consumer security application, Norton AntiVirus 2005, has a security vulnerability that allows certain types of malicious script to infect a user's personal computer with a virus."

http://www.zdnet.com.au/news/security/0,2000061744,39165825,00.htm [zdnet.com.au]

tax dollars...right stuff...??? (1)

Raistlin77 (754120) | more than 8 years ago | (#14445309)

>It's nice that our tax dollars are being used for the right stuff.

It might just be me, but Symantec getting my tax dollars is far from the way I imagined it being spent on "the right stuff".

And what are they getting in return? (1)

cryptocom (833376) | more than 8 years ago | (#14445343)

What exactly is the DHS getting in return for their investment? You know the government NEVER invests money in something if there's nothing in it for them. Think 'backdoor'.

Conspiracy Theories Abound (1)

Dareth (47614) | more than 8 years ago | (#14445503)

Many conspiracy theories abound whenever anyone outside the Open Source community contributes anything to the process. I do not believe bug reports are going to introduce "back doors" to the software that many of us use on a daily basis.

If you want a real conspiracy theory, or a Symantec angle in particular, think "Trusted Computing", Palladium. If they have never "studied" Open Source, they would not have a leg to stand on in saying that Open Source software is not to be trusted.

Do I believe the above? Not really. Simplest explanation would be that the DHS found a way to use the new buzz words "Open Source" as an excuse/reason to give money to private companies and universities. Take whatever good comes from it and use it. Take whatever bad comes of it and use it as a lesson. There is always something to be learned.

This will last another few days (1)

HangingChad (677530) | more than 8 years ago | (#14445390)

Then MSFT will start calling their contacts on the K Street Project. They'll turn around and contact their Republican buddies on the staffs of key legislators and committee members and I bet by this time next week Homeland Security will be "re-examining" their approach to open source.

Hire the OSS developers (1)

CrazedWalrus (901897) | more than 8 years ago | (#14445494)

Maybe this money would be better spent by paying the developers of the major applications, or hiring new developers to work on them. A major part of their job descriptions would be securing and vetting patches for the software they're working on.

I'd think this would improve security greatly, and speed up development in general.

Want to Improve OSS Security? (5, Insightful)

Greyfox (87712) | more than 8 years ago | (#14445573)

Start up the old auditing program again. Source code auditing is boring work, but another set of eyes going over the code with security in mind really does help a lot. Just go down every function in the C library and work your way out to common daemons and system utilities that usually run setuid. Maybe spend some quality time with common tools that access the internet like firefox, email clients, etc. Just read each function looking for buffer overflows and other ways it might be compromised, document what you find, write a test to try to crash it, submit patches to the original authors and publish your findings and tests on the web somewhere. That leaves you with a full set of security regression tests for every product you look at.

A team of 4-5 people could probably finish off the C standard library in a matter of months and make good progress on the more common daemons that are often run on Linux systems (Bind, apache, the various mail servers, etc) in the span of a year. The money DHS is spending on this would be more than enough to hire a team that size for a year to work on that.
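
The audit loop described in the comment above (find the unbounded copy, write a test around the boundary, patch, keep the test as a regression), shown as an added example that is not part of the original thread. The `USER <name>` line format, `parse_user_unsafe`, `parse_user_safe` and `run_regression` are hypothetical and not taken from any project named here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define USER_NAME_CAP 16   /* destination capacity, including the NUL */

/* Hypothetical daemon helper as an auditor might find it: copies the
 * argument of a "USER <name>" line with no bound on the source length.
 * A name of USER_NAME_CAP bytes or more writes past the end of `out`. */
int parse_user_unsafe(const char *line, char out[USER_NAME_CAP])
{
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    strcpy(out, line + 5);              /* audit finding: unbounded copy */
    return 0;
}

/* Patched form: measure first and refuse what does not fit. It never
 * truncates silently, because a truncated user name is a different user. */
int parse_user_safe(const char *line, char *out, size_t out_size)
{
    size_t len;

    if (line == NULL || out == NULL || out_size == 0)
        return -1;
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    len = strcspn(line + 5, "\r\n");    /* name ends at CR, LF or NUL */
    if (len == 0 || len >= out_size)
        return -2;                      /* empty or too long */
    memcpy(out, line + 5, len);
    out[len] = '\0';
    return 0;
}

/* Regression test kept with the patch: constructed inputs of every length
 * from 0 to 64 cross the boundary, and a guard region placed after the
 * buffer must stay untouched. Returns the number of failed checks. */
int run_regression(void)
{
    struct { char name[USER_NAME_CAP]; unsigned char guard[8]; } box;
    char line[5 + 64 + 1];
    size_t n, i;
    int failures = 0;

    for (n = 0; n <= 64; n++) {
        int rc, expect;

        memset(&box, 0xA5, sizeof box);
        memcpy(line, "USER ", 5);
        memset(line + 5, 'a', n);
        line[5 + n] = '\0';

        rc = parse_user_safe(line, box.name, sizeof box.name);
        expect = (n >= 1 && n < USER_NAME_CAP) ? 0 : -2;
        if (rc != expect)
            failures++;
        if (rc == 0 && strlen(box.name) != n)
            failures++;
        for (i = 0; i < sizeof box.guard; i++)
            if (box.guard[i] != 0xA5)
                failures++;
    }
    return failures;
}

int main(void)
{
    int failures = run_regression();
    printf("%d regression failure(s)\n", failures);
    return failures != 0;
}
```
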
