U.S. Department of Homeland Security

Software Assurance

Open Source Resources

Coverity Scan
Initiated in 2006 in collaboration with the Department of Homeland Security, the Coverity Scan Initiative runs static analysis over the source of participating open source projects. It has identified almost 50,000 defects in more than 290 open source projects, including Linux, Apache, PHP, and Android, with over 15,000 of those defects fixed to date.

DHS S&T Homeland Open Security Technology (HOST)
The mission of the Homeland Open Security Technology (HOST) program is to investigate open security methods, models, and technologies and identify viable and sustainable approaches that support national cyber security objectives.

To achieve this mission, HOST leads efforts in discovery, collaboration, and seed funding of development in open source software and practices that produce a measurable impact.

FLOSS Weekly 160: Open Source Software at the Department of Defense
Hosts Randal Schwartz and Simon Phipps interview David Wheeler of the Institute for Defense Analyses to discuss open source software at the Department of Defense.

FLOSS Weekly 189: PerlCritic
PerlCritic (the Perl::Critic module and its perlcritic command) is an open source static analysis tool created by Jeffrey Thalhammer for defining and enforcing coding standards for Perl source code. PerlCritic ships with a number of Perl::Critic::Policy modules, each of which enforces one coding guideline. Most of the bundled Policy modules are based on Damian Conway's book, Perl Best Practices. PerlCritic is extensible: new Policy modules can be written to suit a programmer or development organization, including policies that contradict Conway. Jeffrey Thalhammer was interviewed by Randal Schwartz and Simon Phipps on FLOSS Weekly at TWIT.TV.

Journal of Software Technology: DoD and Open Source Software
The Department of Defense Journal of Software Technology (JOST) is published quarterly by the Data & Analysis Center for Software (DACS). Issue #56 is devoted to open source software.

The Unfortunate Reality of Insecure Libraries
By Jeff Williams, CEO, Arshan Dabirsiaghi, Director of Research, Aspect Security
80% of the code in today’s applications comes from libraries and frameworks. The risk of vulnerabilities in these components is widely ignored and underappreciated. In partnership with Sonatype, our researchers analyzed over 113 million downloads by more than 60,000 commercial, government and non-profit organizations. We studied the 31 most popular Java frameworks and security libraries downloaded from the Central ("Central") Repository and discovered that 26% of these have known vulnerabilities. Every organization should be concerned about the security of the components that they use and trust to run their business. The study focuses only on open-source Java libraries, but there is no reason to believe that the data for other languages and platforms would be significantly different. Similarly, our experience in evaluating the security of hundreds of custom applications indicates that the findings are likely to apply to closed-source and commercial libraries as well.
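The practical consequence of the study above is that an organization has to know which library versions it ships and compare them against published advisories. The following is an added example, not code from the Aspect Security / Sonatype study or from any of the projects named on this page: a small Python checker that reads the dependencies declared in a Maven pom.xml (resolving `${property}` version references), compares each version against an advisory list using a simplified model of Maven's ComparableVersion ordering, and reports the hits. The pom.xml, the artifact coordinates, and the advisory records are constructed placeholders; real data would come from a vulnerability feed such as the NVD or a tool like OWASP Dependency-Check.

```python
"""Check the dependencies declared in a Maven pom.xml against a list of
known-vulnerable artifact versions.

Added example, not code from the Aspect Security / Sonatype study. The
pom.xml, coordinates and advisory records below are constructed placeholders.
"""
import re
import xml.etree.ElementTree as ET

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample pom.xml (artifact names and versions are made up).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><webfw.version>2.3.14</webfw.version></properties>
  <dependencies>
    <dependency><groupId>org.example.web</groupId><artifactId>webfw-core</artifactId>
      <version>${webfw.version}</version></dependency>
    <dependency><groupId>org.example.util</groupId><artifactId>fileutils</artifactId>
      <version>3.9-beta1</version></dependency>
    <dependency><groupId>org.example.crypto</groupId><artifactId>cryptolib</artifactId>
      <version>1.60</version></dependency>
  </dependencies>
</project>
"""

# Constructed advisories: (groupId, artifactId, first affected, first fixed, id).
# The affected range is [introduced, fixed): the fixing release is not affected.
ADVISORIES = [
    ("org.example.web", "webfw-core", "2.0", "2.3.15", "ADV-0001"),
    ("org.example.util", "fileutils", "0", "3.9", "ADV-0002"),
    ("org.example.crypto", "cryptolib", "1.50", "1.55", "ADV-0003"),
]

# Qualifier ordering modelled on Maven's ComparableVersion:
# alpha < beta < milestone < rc < snapshot < (plain release) < sp < anything else.
_QUALIFIER_RANK = {"alpha": 0, "a": 0, "beta": 1, "b": 1, "milestone": 2, "m": 2,
                   "rc": 3, "cr": 3, "snapshot": 4, "": 5, "ga": 5, "final": 5,
                   "release": 5, "sp": 6}
_UNKNOWN = 7
_RELEASE = (0, _QUALIFIER_RANK[""], "")  # what a missing trailing token counts as

def _tokens(version):
    """Split '1.0-rc2' into comparable tuples: numbers sort above qualifiers."""
    raw = re.findall(r"\d+|[A-Za-z]+", version.lower())
    toks = [(1, int(t), "") if t.isdigit() else (0, _QUALIFIER_RANK.get(t, _UNKNOWN), t)
            for t in raw]
    # Drop numeric zeros that are trailing or sit directly before a qualifier,
    # so that 1.0 == 1.0.0 and 1.0-rc1 == 1-rc1 (as Maven does).
    out = []
    for tok in reversed(toks):
        if tok == (1, 0, "") and (not out or out[-1][0] == 0):
            continue
        out.append(tok)
    return out[::-1]

def compare_versions(a, b):
    """Three-way compare of Maven versions a and b: returns -1, 0 or 1."""
    ta, tb = _tokens(a), _tokens(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else _RELEASE
        y = tb[i] if i < len(tb) else _RELEASE
        if x != y:
            return -1 if x < y else 1
    return 0

def _resolve(value, props):
    """Substitute ${name} from <properties>; unknown names are left untouched."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)

def parse_dependencies(pom_xml):
    """Return [(groupId, artifactId, version)] with property references resolved."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", POM_NS)}
    props.setdefault("project.version", root.findtext("m:version", "", POM_NS))
    deps = []
    for d in root.findall("m:dependencies/m:dependency", POM_NS):
        g = d.findtext("m:groupId", "", POM_NS).strip()
        a = d.findtext("m:artifactId", "", POM_NS).strip()
        v = _resolve(d.findtext("m:version", "", POM_NS).strip(), props)
        deps.append((g, a, v))
    return deps

def find_vulnerable(pom_xml, advisories):
    """List (groupId, artifactId, version, advisory id) for every hit."""
    findings = []
    for g, a, v in parse_dependencies(pom_xml):
        if not v or "${" in v:
            # Version inherited from a parent POM or BOM, or an unresolved
            # property: resolve it before trusting a "no findings" result.
            continue
        for ag, aa, introduced, fixed, adv_id in advisories:
            if (g, a) == (ag, aa) and compare_versions(introduced, v) <= 0 \
                    and compare_versions(v, fixed) < 0:
                findings.append((g, a, v, adv_id))
    return findings

if __name__ == "__main__":
    for hit in find_vulnerable(SAMPLE_POM, ADVISORIES):
        print("%s:%s:%s  affected by %s" % hit)
```

On the constructed input this reports webfw-core 2.3.14 (inside [2.0, 2.3.15)) and fileutils 3.9-beta1 (a pre-release, so below the 3.9 fix) and clears cryptolib 1.60. Two caveats a practitioner should keep in mind: the version ordering is a deliberately simplified model of Maven's rules, and a pom.xml only lists direct dependencies, so a real check has to run over the resolved tree (for example the output of `mvn dependency:tree`) to catch the transitive libraries that the frameworks themselves pull in.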