Advertisement
Promo

Enterprise open source Toolkit

Open-source security moves to next step

Peter Judge ZDNet.co.uk

Published: 11 Jan 2008 15:19 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Source code analysis expert Coverity has found and helped fix more than 7,500 security flaws in open-source software, and published a list of the 11 open-source projects working fastest to sort them out.

The work is part of a US government-backed project to harden open-source code.

"We applaud the developers responsible for the 11 open-source projects that have advanced to the second rung of code security and quality," said David Maxwell, open-source strategist for Coverity.

The Open Source Hardening Project, sponsored by the US Department of Homeland Security, uses Coverity's Scan, which grades projects on a "ladder" according to their progress at fixing and preventing flaws.

Eleven projects have been awarded the newly announced status of Rung 2, including Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba and TCL. According to Coverity this new development means users will be able to "select these open-source applications with even greater confidence".

Several other projects are expected to advance to Rung 2 over the next few months. The Open Source Hardening Project began in January 2006 and was expanded early in 2007 to cover a list of 150 projects.

Coverity uses static source code analysis to spot errors in code, such as open brackets. Projects on rung two will move on to use the company's "satisfiability" techniques, which use a bit-accurate representation of a software system, translating every relevant software operation into Boolean values (true and false) and Boolean operators (such as and, not, or).

Coverity claims this type of analysis is a first in commercial programming, and is able to spot hundreds more bugs than the tools available on Rung 1.

Although the project is clearly improving the security of open-source software, some have expressed concern that coverage of its results may produce bad publicity, in the form of headlines about security flaws in open-source software.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
5 out of 5 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

User Acceptance Tester - Birmingham, West Midlands

Project Support Officer

Technical Director, Preston, up to c70k + Benefits

Video icon

Video

Discussions

warnpc1 warnpc1

Law expert issues warning to open Wi-F...

Monday 30 November 2009, 9:43 PM

3 comments
58358 58358

Don't forget the tools

Monday 30 November 2009, 7:15 PM

4 comments
Shannon_VanWagner Shannon_VanWagner

Hats off to you, for trying Linux in t...

Monday 30 November 2009, 6:44 PM

12 comments
lordshipmayhem lordshipmayhem

I'm using Linux on my home PC rig...

Monday 30 November 2009, 6:26 PM

12 comments

View All


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters