It seemed like a good idea at the time. Set up a Web site that allows users and developers alike to check which pieces of Linux code have been checked for security holes. The project, dubbed Sardonix, was a classic open source solution to a clear problem.

The scheme's originator, Crispin Cowan, chief research scientist at WireX Communications, said, "Auditing is needed not just because some developers refuse to read or follow such standards, but also because humans make mistakes, and may fail to completely or correctly follow all rules perfectly."

Yet few became involved because, according to Cowan, there's no glory in auditing security holes.

The project was funded initially by the US defence establishment body Defense Advanced Research Projects Agency (DARPA), but the research grant, which aimed to centralise what was and remains a fairly loosely structured review process, dried up nine months ago.

The link for this article located at TechWorld.com is no longer available.