Version: 2008

Comments on: 11 open-source projects certified as secure

Under contract with the Department of Homeland Security, Coverity seeks to establish a new security baseline for open-source applications.

(3 Comments)
Potentially secure
by Astinsan January 8, 2008 8:56 AM PST
Most of these items have the potential of being secure. An improper setting in Postfix, PHP and Perl can be disastrous.

I know you were really talking about the source code though. Mature projects are usually pretty good.
Good point!
by kingttx January 8, 2008 3:22 PM PST
That is a good point. Although I was going to use this for a good-hearted jab at some anti-PHP folks on our LUG list, I just can't bring myself to twist up the logic like that. Like you say, bad settings can screw up secure source.
Sec Code != Sec App
by the osd guy January 9, 2008 3:20 PM PST
What about design flaws?
What about info disclosures?
What about denial of service issues?
What about unexpected parse failures?
What about ...

There is more to secure applications than making sure your buffers are correctly sized. Static analysis can't fully guarantee that and fuzz testing can only verify the product is as reliable as the fuzzer's randomizer logic.
About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
