Open source security improving rapidly

By

The quality and security of open source software is improving rapidly, according to an in-depth analysis of over 250 popular applications including Linux and Apache.

Open source security improving rapidly
Coverity's Scan Report on Open Source Software 2008 was developed with support from the US Department of Homeland Security.

The report analysed more than 55 million lines of code on a recurring basis from over 250 popular open source projects.

The two-year investigation was conducted with Coverity's Prevent static source code analysis tool as part of the US government's Open Source Hardening Project.

Coverity reported a 16 per cent reduction in "static analysis defect density " in the past two years, reflecting the elimination of more than 8,500 individual defects.

'Null pointer dereference' emerged as the most common defect, according to the study, while 'Use before test of negative values' was the least common defect.

Findings in the report seemed to contradict conventional wisdom in that projects with large average function length are not prone to higher defect densities.

"The improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity," said David Maxwell, open source strategist at Coverity.

The report represents 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analysed over two years.

The conclusions may apply equally to open source and commercial software regarding the relationship between variables such as code base size, defect density, function length, 'Cyclomatic complexity' and 'Halstead effort'.

Source code analysis from the report is freely available to qualified open source projects.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
improvingopenrapidlysecuritysoftwaresource

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July
Lion builds an app to detect its beers on tap in venues

Lion builds an app to detect its beers on tap in venues
ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie
Victoria Police refreshes online reporting

Victoria Police refreshes online reporting
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?