[ISN] DARPA pulls OpenBSD funding

From: InfoSec News (isnat_private)
Date: Fri Apr 18 2003 - 04:37:40 PDT

  • Next message: InfoSec News: "[ISN] Arab Web sites cite rise in hacking attempts during war"

    Forwarded from: William Knowles <wkat_private>
    
    http://news.com.com/2100-1016-997393.html
    
    By Robert Lemos 
    Staff Writer, CNET News.com
    April 17, 2003
    
    The unused portion of a grant from the Defense Advanced Research
    Projects Agency to fund development of the open-source operating
    system OpenBSD has been pulled for unspecified reasons.
    
    The project's leader, Theo de Raadt, said Thursday he was informed by
    email that the remaining portion of the $2.3 million grant has been
    pulled. An email from a professor who is managing the grant did not
    provide a reason, but de Raadt said he believes the cancellation was
    prompted by concerns about the money going to too many foreign
    developers and antiwar statements that de Raadt made to reporters.
    
    "They decided that they didn't want (our project) anymore," de Raadt
    said Thursday, less than hour after he received notification. "This is
    it. It's over."
    
    DARPA, the arm of the U.S. Department of Defense that funds research
    and development and is best known for funding the project that later
    became the Internet, awarded the grant in 2001 as part of its
    Composable High-Assurance Trusted Systems (CHATS) projects, said de
    Raadt.
    
    About $1 million had been allotted to add new security features to
    OpenBSD, an open-source OS that many consider to be the most secure
    free implementation of a Unix-like system. The project had finished
    most of the work in the first three months of the grant and had been
    recently using the money to fund more security enhancements to the
    software, de Raadt said at a recent security conference.
    
    A University of Pennsylvania computer science professor, Jonathan
    Smith, had originally applied for the grant under the title, "Portable
    Open-Source Security Enhancements," or POSSE. About $500,000 of the
    money went to several U.K. researchers to do a vulnerability analysis
    on OpenSSL, a widely used program for encrypting communications,
    especially to and from Web sites. A handful of flaws were found, de
    Raadt said.
    
    Smith refused to comment on the funding, citing the sensitivity of the
    issue. An email to the POSSE project’s DARPA representative wasn't
    answered.
    
    Earlier this week, de Raadt said he was told that officials from DARPA
    were concerned about statements appearing in press reports that
    indicated most of the grant was being funneled to foreign researchers,
    an apparent no-no for government-funded projects. Moreover, de Raadt
    believed that the U.S. government took exception to comments he made
    indicating that the money spent on his project meant that fewer cruise
    missiles were being built.
    
    "In the U.S., today, free speech is just a myth," de Raadt said.
    
    He estimated that about 85 percent of the money has already been spent
    and that the remaining portion would have continued the project for
    another six months. "The only money that I got was my salary," he
    said.
    
    With nearly 60 OpenBSD hackers traveling to Canada to take part in a
    hackathon--a week's worth of solid programming sessions--the project
    now finds itself about $30,000 short of the money it needs to house
    the attendees.
    
    "We are left in the lurch very seriously...and will need to struggle
    to keep our conference facilities in some way," de Raadt said.
    
    The project will ship version 3.3 of the OpenBSD system on Friday. An
    acknowledgment of the role that DARPA played, which was to appear on
    the back of the box, will instead be covered by a sticker, he said.
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Apr 18 2003 - 08:00:08 PDT