Linux security auditing received a much needed boost with the unveiling of a US government-backed initiative to improve the code review of open source software in an effort to eliminate security holes.
Funded by the Defence Advanced Research Project Agency, the initiative has seen the founding of the Sardonix Audit Portal, which co-founder Crispin Cowan said would act as a one-stop information point for global code reviewers' research.
Cowan explained that programs were getting audited far less than was publicly perceived. "The Linux kernel is probably getting a decent audit, but that is a guess and [the portal] is about measuring it," he said.
Existing projects to audit security in open source software had failed, but Cowan insisted that the Sardonix site would improve this shortfall.
The website will publish major unaudited programs which will be added to a reviewed list once security experts have scrutinised them.