Open Source Hardening Project
SearchSecurity.com Definitions (Powered by WhatIs.com)
DEFINITION - The Open Source Hardening Project is an initiative of the United States Department of Homeland Security, created to improve the security of open source code. Because the infrastructure of the Internet, financial institutions and many other critical systems in the U.S. run on open source software, the security of these applications is crucial.

Participants in the project were given grants from Homeland Security: Stanford University ($841,276), Coverity ($297,000) and Symantec ($100,000). Stanford and Coverity collaboratively developed Prevent, an automated system for scanning submissions from open source programmers to popular projects. Vulnerabilities found are documented in a database for the development community. Coverity employs a rating system called the "Scan Ladder" to rank projects on a progressive track toward security certification. Symantec's role is to test Scan on the proprietary software it works with and to provide security expertise.

Homeland Security lists the Department's priorities in its National Cyberspace Strategy document:

  • Identifying and remediating existing vulnerabilities.
  • Developing systems with fewer vulnerabilities and assessing emerging technologies for vulnerabilities.

They list the sub-priorities as:

  • Securing the mechanisms of the Internet.
  • Improving the security and resilience of key Internet protocols.
  • Reducing and remediating software vulnerabilities.
  • Assessing and securing emerging systems.

In the project's first year, scans of 50 projects yielded over 6000 vulnerabilities, which open source developers fixed using Prevent's results. In the second year, 150 projects were scanned. By March 2008, 7,826 defects had been fixed in 267 projects. Higher-ranked projects, those that fix the most vulnerabilities, get deeper access to Prevent's features.

The project, formally known as the Vulnerability Discovery and Remediation, Open Source Hardening Project, launched in March 2006 and is scheduled to run for three years with a budget of 1.24 million dollars. Some of the better-known projects scanned include Apache, Firefox, GIMP and several Linux and BSD distributions.

LAST UPDATED: 08 Apr 2008