Open source security improving rapidly

By

The quality and security of open source software is improving rapidly, according to an in-depth analysis of over 250 popular applications including Linux and Apache.

Open source security improving rapidly
Coverity's Scan Report on Open Source Software 2008 was developed with support from the US Department of Homeland Security.

The report analysed more than 55 million lines of code on a recurring basis from over 250 popular open source projects.

The two-year investigation was conducted with Coverity's Prevent static source code analysis tool as part of the US government's Open Source Hardening Project.

Coverity reported a 16 per cent reduction in "static analysis defect density " in the past two years, reflecting the elimination of more than 8,500 individual defects.

'Null pointer dereference' emerged as the most common defect, according to the study, while 'Use before test of negative values' was the least common defect.

Findings in the report seemed to contradict conventional wisdom in that projects with large average function length are not prone to higher defect densities.

"The improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity," said David Maxwell, open source strategist at Coverity.

The report represents 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analysed over two years.

The conclusions may apply equally to open source and commercial software regarding the relationship between variables such as code base size, defect density, function length, 'Cyclomatic complexity' and 'Halstead effort'.

Source code analysis from the report is freely available to qualified open source projects.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Gov quietly launches onshore instance of GPT-4o for APS

Gov quietly launches onshore instance of GPT-4o for APS

NDIA embarks on architectural overhaul of scheme systems

NDIA embarks on architectural overhaul of scheme systems

The ABC implements data warehouse amid governance restructure

The ABC implements data warehouse amid governance restructure

ACT’s $30m HR system upgrade under scrutiny amid high staff turnover

ACT’s $30m HR system upgrade under scrutiny amid high staff turnover

Log In

  |  Forgot your password?