The MIT Technology Review writes in a long-form article about how DARPA has rediscovered Free and Open Source Software, or at least the latter, and how it is now found everywhere across the board. As far as the Internet and the World Wide Web go, its ubiquity has been a given since they were founded on it, but nowadays even at least 70% of closed source, proprietary products also contain lots of it. DARPA is worried about the kernel Linux in particular and the vetting process for adding code to the project specifically.
Now DARPA, the US military's research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it's too late.
DARPA's "SocialCyber" program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It's different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.
"The open-source ecosystem is one of the grandest enterprises in human history," says Sergey Bratus, the DARPA program manager behind the project.
"It's now grown from enthusiasts to a global endeavor forming the basis of global infrastructure, of the internet itself, of critical industries and mission-critical systems pretty much everywhere," he says. "The systems that run our industry, power grids, shipping, transportation."
Recently, software appears to have been occupying a lot of attention over in Washington, DC. Unfortunately, occasional lines in mainstream articles indicate that it is M$ and M$ lobbyists who are steering the policy discussion there. It appears that they are spending an enormous amount of time in direct contact with politicians and policy makers, all the while log4j is still getting milked by them as a distraction from all the actively exploited vulnerabilities in their own products.
(Score: 2, Insightful) by SomeRandomGeek on Monday July 18 2022, @03:12PM (5 children)
Eventually, the government will figure out that if they are concerned about the security of open source software, they can contribute to securing it.
They can contribute directly. But also, they currently "ensure" the security of closed source software by setting security standards for the private companies that they buy from. The government could easily change those standards to include those private companies contributing to the security of open source software included in their products.
(Score: 4, Insightful) by crafoo on Monday July 18 2022, @04:52PM (2 children)
It's so adorable that you think your government even considers your best interests.
> Eventually, the government will figure out that if they are concerned about the security of open source software, they can contribute to securing it.
No they won't and that's not their goal in the first place. That's just the story.
Imagine your typical DMV, but with guns and a massive sense of entitlement and arrogance.
(Score: 2) by Freeman on Monday July 18 2022, @05:48PM
You've just described Texas DMVs. Okay, they probably can't take their guns with them to work.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by JoeMerchant on Monday July 18 2022, @08:10PM
There are some basic personality profile differences between the military and the DMV. Yes, both have outsized entitlement, but the DMV isn't inclined to think in terms of deadly force. If they were, they would move faster and also not grant operator's licenses to so many 80+ year-olds.
🌻🌻 [google.com]
(Score: 5, Insightful) by RS3 on Monday July 18 2022, @05:12PM
I believe they did and that's what SELinux is: https://www.redhat.com/en/topics/linux/what-is-selinux
(Score: 3, Insightful) by JoeMerchant on Monday July 18 2022, @08:13PM
> those standards to include those private companies contributing to the security of open source software included in their products.
This is coming to medical devices as we speak.
If open source is scary, closed source should be terrifying.
🌻🌻 [google.com]
(Score: 3, Touché) by sgleysti on Monday July 18 2022, @03:49PM (3 children)
This is a good article on an important topic, but it's not a long form article. It's normal length. Just saying.
(Score: 1) by Runaway1956 on Monday July 18 2022, @04:27PM (2 children)
For politicians, anything over 50 words is "long form". All they want is the 3 to 10 word soundbyte.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: -1, Redundant) by Anonymous Coward on Monday July 18 2022, @04:44PM (1 child)
For Republican politicians, anything over 50 words is "long form".
TFTFY
(Score: 1, Redundant) by Runaway1956 on Monday July 18 2022, @05:56PM
You know, I think you might be correct. And, Democrats are limited to 16 words.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 3, Offtopic) by jasassin on Monday July 18 2022, @04:27PM
It’s the assholes that do this kind of shit who are the reason why we can’t have nice things. I can understand wanting to steal cryptocurrency, and I personally couldn’t give a shit less, but the malware just to fuck with shit really grinds my gears. It’s like the asshats that key super expensive cars because they are jealous or envious or whatever is going through their stupid pissant minds. The thought of doing that kind of thing has never crossed my mind.
Fuck cryptocurrency, but stealing is wrong.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by PiMuNu on Monday July 18 2022, @08:48PM
ROFL
(Score: 3, Funny) by bmimatt on Tuesday July 19 2022, @12:15AM
...we are here to help.
(Score: 2, Funny) by pD-brane on Tuesday July 19 2022, @06:39PM
Would it not be more efficient and in line with their principles if the US government just prosecuted Lennart Poettering without due process, or did he already flee to Russia?