The U.S. Department of Homeland Security (DHS) has awarded a US$1.24 million three-year grant to Stanford University and software vendors Coverity and Symantec. The grant will fund daily security audits and analysis of more than 40 open-source projects including Apache, Linux, Mozilla, MySQL and PostgreSQL.
Known as the Vulnerability, Discovery and Remediation Open Source Hardening Project, the grant forms part of a broad initiative by the DHS Science and Technology Directorate to encourage the development and deployment of technologies to protect the country's key computer systems and networks, including the Internet, according to Coverity executives. The awarding of the grant was announced Wednesday.
Under the terms of the grant, Stanford will receive a total of US$841,276 in funding over the three-year period, Coverity US$297,000 and Symantec US$100,000. Source-code analysis startup Coverity will receive the bulk of its funding, US$237,000, in the first year of the grant, with the remainder of the money, US$60,000, to be paid out equally over the two following years, according to Rob Rachwald, senior director of product and corporate marketing with Coverity.
Coverity will use the money to extend its Prevent software so it can analyze the source code of a wider variety of open-source projects for software defects and security vulnerabilities.
"We'll develop the [Prevent] tool so we're able to understand what the government needs in terms of defect detection, software reliability and software security," Rachwald said Wednesday.
Coverity's Prevent will carry out automatic daily security audits of the open-source projects and post the defects it finds in a public online bug database, according to Rachwald. Stanford will contribute staff to provide recommendations for developing secure open-source software in future. Among those contributing will be Dawson Engler, an associate professor of computer science at Stanford and a co-founder of Coverity, Rachwald said. Symantec will draw on its expertise in security software to suggest both best security practices for the U.S. government to adopt and how to deploy software in a secure fashion so as to lower the incidence of any attacks, he added.
Coverity plans to have the daily audits for an initial 40 open-source projects up and running by March, according to Rachwald. However, he expects more open-source projects to be added over time in response to requests by the DHS. Coverity is still determining exactly how it will present the bug database online. The company may use the same method it uses for Linux with its http://linuxbugs.coverity.com Web site, which developers have to log into, or else make the audits available via Stanford's Web site, he said.
"This is part of a trend where government is adopting a lot of the technology software companies already have," Rachwald said, pointing to the likes of McAfee, Sun Microsystems and Symantec, which already use Coverity's Prevent technology.
The DHS did not immediately return calls for comment.
This is Coverity's first DHS grant, according to Rachwald. The company applied for the grant in December 2004.
Coverity's technology originated in Stanford's computer systems laboratory. The company, which has its headquarters in San Francisco, was founded in 2002.