The grant, which according to reports is valued at $1.24m, is part of a wider DHS Science and Technology Directorate initiative to develop technologies to protect the nation’s telecommunications infrastructure.

The three-year Vulnerability Discovery and Remediation Open Source Hardening Project will provide daily security audits of leading open source projects, the results of which will be published on the web to help developers rectify security issues.

The audits will be carried out at Stanford University, which is receiving the majority of the grant money (reportedly $841,276), using Coverity Inc’s Prevent software source code analysis tool.

San Francisco, California-based Coverity will receive $297,000 for its part in building and maintaining the system to automatically analyze open source packages including Linux, MySQL, BerkeleyDB, OpenBSD, and Samba.

Security software specialist Symantec Corp is also reportedly in the mix, getting $100,000 for its part in testing the source code analysis tool in its proprietary environment and providing feedback and security intelligence.

Coverity already provides six-monthly code analysis reports on the Linux kernel and has good contacts at Stanford. The company’s chief scientist, Dawson Engler, is an associate professor at Stanford and the original author of the Prevent code. Engler will serve as the lead investigator on the project.