Tuesday, April 08, 2008

Security Pros Launch Open-Source CERT

Backed by Google, security consulting firm Inverse Path and the Open Source Lab at Oregon State University have created oCERT (Open Source Computer Emergency Response Team), an organization designed to be the place to go for security incident response for open-source projects (ACM Technews).

The team wants to manage advance vulnerability warnings, coordinate patch release notification, offer resources for analyzing and repairing software flaws, and hold sluggish vendors accountable when security fixes are delayed.

"Small open-source projects often don't have any form of security handling but the same code they manage [is] included by bigger projects and distributions. When there's a compromise, there's no proper coordination and that's not acceptable," says Andrea Barisani, oCERT founder and project coordinator.


An excellent article describing the new CERT appears in eWEEK.COM.