
http://www.gcn.com/online/vol1_no1/46342-1.html

By Wilson P. Dizard III
GCN.com
05/23/08

A two-year study of more than 55 million lines of code showed that open-source systems include a variety of errors that closely track those found in software written for proprietary systems.

The incidence of those errors in open-source code is declining, according to a study that the Homeland Security Department funded. The department hired Coverity to analyze more than 55 million lines of code over two years as part of the government's Open Source Code Hardening Project.

Coverity used its Scan service to help open-source developers improve their products' security by pinpointing and categorizing code flaws. Scan uses the company's widely deployed Coverity Prevent static source-code analysis system.

The two-year project covered more than 250 popular open-source projects.



Open-source software products are improving in quality and security, according to the study. Using the Scan service, researchers measured a 16 percent reduction in source-code errors over the past two years, based on static analysis defect density (the number of defects found per thousand lines of code analyzed). Project researchers cited a Gartner report stating that by 2012, as many as four-fifths of all commercial software would include open-source code.

The Scan site sorts open-source projects into rungs based on their success in eliminating defects, Coverity said. "Projects at higher rungs receive access to additional analysis capabilities and configuration options," it said. "Projects are promoted as they resolve the majority of defects identified at their current rung."

"The continued improvement of projects that already possess strong code quality and security underscores the commitment of open-source developers to create software of the highest integrity," said David Maxwell, open-source strategist at Coverity.

The company said its initial two-year DHS contract is ending, and Coverity will continue to operate the Scan site because of the favorable response the project has received from software developers and others in the open-source community.

The full Open Source Report 2008 is available here [1].



[1] http://www.gcn.com/newspics/Coverity_OpenSourceReport2008.pdf




