LAMP Lights the OSS Security Way

Kevin Young wrote to mention a ZDNet article which goes into some detail on new results from a Department of Homeland security initiative. It's called the 'Open Source Hardening Project', and (funded to the tune of $1.24 Million) the goals of the initiative are to use a commercial tool for source code analysis to buck up the security base of many OSS projects. LAMP (the conglomeration of Linux, Apache, MySQL, and PHP/Perl/Python) was a 'winner' in the eyes of the project. From the article: "In the analysis, more than 17.5 million lines of code from 32 open-source projects were scanned. On average, 0.434 bugs per 1,000 lines of code were found, Coverity said. The LAMP stack, however, 'showed significantly better software quality," with an average of 0.29 defects per 1,000 lines of code, the technology company said.'"

Re:Solaris

[Anonymous Coward]

And it won't be long before Linux-zealots will start preemptively bashing Solaris to distract form the screaming shortcomings of their toy-OS. In fact, it will start in t 0.

Re:Fucking LAMP.

[Anonymous Coward]

Yeah, but stick with LAMP though, because LAPP makes me think LAPPdance... Alot of security holes to attack! ;)

Aaaah, but lapdancing is the one place where an unexpected hole is a feature ;-)

Test of Leaked Vista/IIS code

[RealProgrammer]

Researchers at clandestine research labs in bases hidden deep in the Russian Alps have attempted to analyze portions of the leaked Internet Information Server (IIS) and Windows Vista code for similar flaws.

The findings were remarkable. They found 4,669 flaws, but since they didn't have the source code it resulted in a divide-by-zero error when they calculated the statistics on their Excel spreadsheet. The error triggered an unheard-of lockup on their Windows XP desktop.

On a positive note, recovering from the error alerted them to the presence of 43 strains of the MyDoom virus, 257 instances of Alexis spyware, and a bootleg copy of "Making of the Britney Spears Sonogram".

Re:What about....

[frankm_slashdot]

Parent: +1.33 (Sarcastic yet funny).

Re:don't waste that $$$!

[Bazzalisk]

Ah, but how many lines of code will it take to correct the bugs? and will those bugfixes themselves contain bugs?

Interested minds couldn't care less.

From the lame-ass-metaphor dept.

[tobiasly]

"LAMP Lights the Way"?! Was Slashdot acquired by C|Net?

For the love of all that's holy, please drop the hackish high-school-newsletter headlines.

Checkpointing.

[Ivan Matveitch]

The whole database concept is just fundamentally wrong.

Hint to PHP devs

[billcopc]

Add more linefeeds!!! ;)

Re:And for Windows XP?

[Phillup]

Perhaps the Microsoft code does in 5 lines what the Open Source code does in 150.

I didn't know MS used Perl.

;-)

(unix tools excepted)