dwheeler writes: Heartbleed was bad vulnerability in OpenSSL. My article How to Prevent the next Heartbleed explains why so many tools missed it... and what could be done to prevent the next one. Are there other ways to detect these vulnerabilities ahead-of-time? What did I miss?
dwheeler writes: The U.S. Department of Defense (DoD) has just released "Clarifying Guidance Regarding Open Source Software (OSS)", a new official memo about OSS. This memo is important for anyone who works with the DoD (including contractors) on software and systems that include software, and may influence many other organizations as well. The DoD had released a memo back in 2003, but "misconceptions and misinterpretations... have hampered effective DoD use and development of OSS". The new memo tries to counter those misconceptions and misinterpretations, and is very positive about OSS. In particular, it lists a number of potential advantages of OSS, and recommends that in certain cases the DoD release software as OSS.