January 9, 2008
Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open source projects that have been certified as free of security defects.
Eleven projects made the list: Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
San Francisco-based Coverity, working in collaboration with Stanford University and under a contract from the Department of Homeland Security, is analysing source code to certify that open source projects written in C, C++, and Java are secure. Coverity has not disclosed the amount of the DHS contract.
The certification was created so that companies can "select these open source applications with even greater confidence," Coverity said.
The company uses a ladder metaphor in its certification process.
Rung 2, which was announced late Monday and is the most secure level to date, includes the 11 projects. Rung 1 now includes 86 projects. Rung 0, the lowest level, currently lists 173 projects.
In all cases, open source vendors must fix all vulnerabilities discovered by Coverity's tools in order to move up the rungs of the security ladder.Backup Security: White paper on top considerations for implementing secure backup and recovery solution.