Coverity Scan: Security Holes Found in Open Source Projects

Coverity is a company that creates tools for software development. Its premier product is Prevent, a static-analysis code inspection tool. Coverity offers the results of Prevent's analysis for free to open source developers.
From the project home page:
In collaboration with Stanford University, Coverity is establishing a new baseline for software quality and security in open source. Under a contract with the Department of Homeland Security, we apply the latest innovations in automated defect detection to uncover some of the most critical types of bugs found in software.
So the most notable use of Prevent is under a U.S. Department of Homeland Security contract, in which it is used to examine over 150 open source applications for bugs. Popular open source projects, such as Samba; the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites; and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects.
For example, over 75% of the defects Scan identified in Samba were fixed within two reviews of the Scan analysis.

(Fig. 01: Samba Project Code Scan Result)
=> More information about the project and its bugs (including charts) is available at the official web site.
A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system (the Prevent Software Quality System) that is being used in the review.
This project is really helping to improve overall open source software quality.