ZDNet UK
Coverity reveals common open-source code flaws

Tom Espiner ZDNet.co.uk

Published: 20 May 2008 17:35 BST

A project funded by the US Department of Homeland Security has praised improvements in open-source security, while outlining some common errors.

Coverity, a commercial code-analysis company spun out of Stanford University, has been running its Scan project with Department of Homeland Security funding since 2006.

On Tuesday, Coverity released its Open Source Report, which gives results of bugs in more than 250 open-source projects. Coverity declined to give details of individual projects' faults, but instead gave a list of frequent coding errors.

Coverity did single out some projects for particular praise due to the cleanliness of the code, including Amanda, NTP, OpenPAM, OpenVPN, Perl, PHP, Python and Samba.

The most common type of code defect, accounting for 28 percent of all the defects found, was the NULL pointer dereference, as the use of pointers in C/C++ is error-prone, according to Coverity.

"This type of error often occurs when one code path initialises a pointer before its use, but another code path bypasses the initialisation process," stated the report. "Pointers are a notoriously challenging programming concept that many languages elide altogether (eg, Java). Senior developers know that new programmers frequently have trouble understanding pointers."

Because pointers are often used to pass data structures by reference between pieces of program logic, they may be the most commonly manipulated data objects due to repeated copying, aliasing and accessing. Therefore, it is not surprising that the most frequently used artefacts will incur the most errors in manipulation, said Coverity.
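The defect pattern the report describes, one code path initialising a pointer and another bypassing the initialisation, shown in a constructed C example that is added here and is not code from the Coverity report or any of the scanned projects. The lookup table, the `find_name` helper and the two `name_len_*` functions are all assumptions made for the illustration; the buggy version keeps the defect, the fixed version checks at the point of use so every path is covered.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data (not from the report). */
struct user { int id; const char *name; };
static const struct user USERS[] = { {1, "alice"}, {2, "bob"} };

/* Returns the user's name, or NULL when the id is unknown. */
static const char *find_name(int id)
{
    for (size_t i = 0; i < sizeof USERS / sizeof USERS[0]; i++)
        if (USERS[i].id == id)
            return USERS[i].name;
    return NULL;
}

/* Defect pattern: the pointer is initialised only on the `id > 0` path;
 * every other path reaches strlen() with name == NULL, and find_name()
 * can return NULL even on the initialising path.
 * name_len_buggy(0) and name_len_buggy(99) both dereference NULL. */
long name_len_buggy(int id)
{
    const char *name = NULL;
    if (id > 0)
        name = find_name(id);        /* initialised here, and only here */
    return (long)strlen(name);       /* used without a check */
}

/* Hardened form: validate at the point of use, whichever path produced
 * the pointer, and report failure with a sentinel the caller can test. */
long name_len_fixed(int id)
{
    const char *name = (id > 0) ? find_name(id) : NULL;
    if (name == NULL)
        return -1;                   /* every path is now handled */
    return (long)strlen(name);
}
```

A static analyser reports the buggy version because it can see a path on which `name` is still NULL when `strlen` is reached; the fix is not to add a check on the one path that happened to be noticed, but to check where the pointer is actually used.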

The second most common type of code defect is the resource leak. While some resource leaks are pointer-related, others may be the result of misusing an application programming interface (API), said Coverity.

Other common code defects include unintentionally ignored expressions, use before test and buffer overflow vulnerabilities.
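The resource-leak and use-before-test patterns mentioned above, in a constructed C example added here that is not code from the Coverity report. A tiny handle type with an open-handle counter stands in for any acquire/release API pair such as fopen()/fclose(), so that a leak can be measured; `acquire`, `release`, `handles_in_use` and the two `process_*` functions are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a real acquire/release API (not from the report). */
static int open_handles = 0;

typedef struct { char *data; } handle_t;

static handle_t *acquire(const char *content)
{
    handle_t *h = malloc(sizeof *h);
    if (h == NULL)
        return NULL;
    size_t len = strlen(content) + 1;
    h->data = malloc(len);
    if (h->data == NULL) {
        free(h);
        return NULL;
    }
    memcpy(h->data, content, len);
    open_handles++;                  /* one more handle outstanding */
    return h;
}

static void release(handle_t *h)
{
    if (h == NULL)
        return;
    free(h->data);
    free(h);
    open_handles--;
}

/* Number of handles acquired but never released. */
int handles_in_use(void) { return open_handles; }

/* Defect patterns: h->data is read before h is tested for NULL (use
 * before test), and the `n == 0` error path returns without calling
 * release(), so every rejected input leaks one handle. */
int process_buggy(const char *content)
{
    handle_t *h = acquire(content);
    size_t n = strlen(h->data);      /* use before test */
    if (h == NULL)
        return -1;                   /* the check arrives too late */
    if (n == 0)
        return -2;                   /* error path skips release() */
    release(h);
    return (int)n;
}

/* Hardened form: test before any use, and route every exit through a
 * single cleanup label so the error path cannot skip release(). */
int process_fixed(const char *content)
{
    int rc;
    handle_t *h = acquire(content);
    if (h == NULL)
        return -1;                   /* tested before use */
    size_t n = strlen(h->data);
    if (n == 0) {
        rc = -2;
        goto out;                    /* error path still releases */
    }
    rc = (int)n;
out:
    release(h);
    return rc;
}
```

The single-exit cleanup style is the usual C answer to the API-misuse leaks the report describes: once every return passes through `out:`, adding a new error check cannot introduce a new leak.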
