NewsForge has an important article about the imminent announcement of the creation of the Sustainable Computing Consortium (SCC) at Carnegie Mellon University (Sustainable Computing Consortium "foolish" if it doesn't embrace open standards). What is the SCC?
The Sustainable Computing Consortium is a collaborative initiative to drive improvements in software quality and security (and their measurability) among major corporate IT users, software developers and IT suppliers, university researchers, government agencies, and third parties involved in aspects of risk management such as audit and insurance.
The SCC's "About" page goes into more depth describing the project. What should be clear is that, considering the importance of a secure information infrastructure to our society, this is an admirable and very important project. It says much for our government that they have the foresight to put up at least $23 million to support the SCC.
Unfortunately, as the NewsForge article points out, there is a major problem with the SCC in that much of the work it does will only be available to the proprietary software community, at least as the SCC is currently configured. According to the About page, only members (minimum fee $5,000) will be allowed to take advantage of these important quality-enhancing tools:
Access to technologies to measure and enhance software infrastructure sustainability. Members are entitled to a non-exclusive, internal-use license for the intellectual property created by the SCC.
This essentially eliminates the possibility of open source developers participating in the SCC. Considering the widespread and growing deployment of open source software as critical elements of our information infrastructure, this can only be seen as an error on the part of the SCC. While there is some dispute concerning the security advantages of open source software (many open source advocates reasonably claim that open source development leads to higher quality code - proprietary software developers obviously dispute this), it is clear that open source cannot be ignored.
For one short view on the security problems of proprietary software, UK Linux guru Alan Cox published a commentary with OS Opinion (The Risks of Closed Source Computing).