Defense agency pulls OpenBSD funding

By Robert Lemos, Staff Writer
CNET

April 17, 2003

The unused portion of a grant from the Defense Advanced Research Projects Agency (DARPA) to fund development of the open-source operating system Open Berkeley Software Design (OpenBSD) has been pulled for unspecified reasons.

The project's leader, Theo de Raadt, said Thursday he was informed by e-mail that the remaining portion of the $2.3 million grant has been pulled. An e-mail message from a professor who is managing the grant did not provide a reason, but de Raadt said he believes the cancellation was prompted by concerns about the money going to too many foreign developers and to antiwar statements that de Raadt made to reporters.

"They decided that they didn't want (our project) anymore," de Raadt said Thursday, less than hour after he received notification. "This is it. It's over."

DARPA, the arm of the U.S. Department of Defense that funds research and development and is best known for funding the project that later became the Internet, awarded the grant in 2001 as part of its Composable High-Assurance Trusted Systems (CHATS) projects, said de Raadt.

About $1 million had been allotted to add new security features to OpenBSD, an open-source OS that many consider to be the most secure free implementation of a Unix-like system. The project had finished most of the work in the first three months of the grant and had been recently using the money to fund more security enhancements to the software, de Raadt said at a recent security conference.

A University of Pennsylvania computer science professor named Jonathan Smith had originally applied for the grant under the title, "Portable Open-Source Security Enhancements," or POSSE. About $500,000 of the grant money went to several U.K. researchers to do a vulnerability analysis on Open Secure Sockets Layer (OpenSSL), a widely used program for encrypting communications, especially to and from Web sites. A handful of flaws were found, de Raadt said.

Smith refused to comment on the funding, citing the sensitivity of the issue. An e-mail to the POSSE project’s DARPA representative wasn't answered.

Earlier this week, de Raadt said he was told that officials from DARPA were concerned about statements appearing in press reports that indicated most of the grant was being funneled to foreign researchers, an apparent no-no for government-funded projects. Moreover, de Raadt believed that the U.S. government took exception to comments he made indicating that the money spent on his project meant that fewer cruise missiles were being built.

"In the United States today, free speech is just a myth," de Raadt said.

He estimated that about 85 percent of the grant money has already been spent and that the remaining portion would have continued the project for another six months. "The only money that I got was my salary," he said.

With nearly 60 OpenBSD hackers traveling to Canada to take part in a "hackathon"--a week's worth of programming sessions--the project now finds itself about $30,000 short of the money it needs to house the attendees.

"We are left in the lurch very seriously...and will need to struggle to keep our conference facilities in some way," de Raadt said.

The project plans to ship version 3.3 of the OpenBSD system on Friday. An acknowledgment of the role that DARPA played, which was to appear on the back of the box, will instead be covered by a sticker, he said.

 

Copyright ©2003 CNET Networks, Inc.