Feds tackle open source code quality

Maria Korolov | April 1, 2016
There's a federal effort under way to reduce the number of vulnerabilities in open source projects

In fact, said Greene, many open source projects don't have strong communities or companies behind them to create the patches and otherwise maintain the projects.

"I want to create a bug-bounty approach, a vulnerability incentive research platform, where we leverage the power of crowdsourcing to find vulnerabilities and create fixes for them," he said. "I'm currently exploring ways to figure out how to do that. Hopefully, pretty soon, we can get it in shape and have it as a new project out of our division."

It would start out with a small investment and a discovery phase to see if it is feasible, he said. There are also issues around disclosure and privacy that first have to be addressed.

"But if we can find zero days before the adversaries find the zero days, and come out with fixes, man, we're making a lot of progress," he said.
