A new community-based project wants to eliminate insecure open source code samples found online. The Eliminate Vulnerable Code Project, which security vendor Digital Security created, aims to delete the code, which they say leads to insecure-software development. The eVc Project will take submissions about bad code that contributors find and also use crawler tools to find such problems. So far, sponsors claim, contributors have submitted at least 15 examples of vulnerable code, including SQL injection, cross-site scripting, and buffer overflow vulnerabilities. “Our end goal is not to make any project or website look bad. Our goal is to create a safer software-development environment,” stated Digital Security chair and CEO Waqas Nazir. “We see a lot of bad examples of source code on Web properties and even in books used to train developers. …We will provide a digest of reports to the site owners alerting them of the issues contributed by the community. There will be no direct reference to an existing product where the code is actually in use, so there is no concern of making this available [publicly].” Details about discovered vulnerabilities will be available only to project members. (Dark Reading)(The eVc Project)
