Open source security improving rapidly

By

The quality and security of open source software is improving rapidly, according to an in-depth analysis of over 250 popular applications including Linux and Apache.

Open source security improving rapidly
Coverity's Scan Report on Open Source Software 2008 was developed with support from the US Department of Homeland Security.

The report analysed more than 55 million lines of code on a recurring basis from over 250 popular open source projects.

The two-year investigation was conducted with Coverity's Prevent static source code analysis tool as part of the US government's Open Source Hardening Project.

Coverity reported a 16 per cent reduction in "static analysis defect density " in the past two years, reflecting the elimination of more than 8,500 individual defects.

'Null pointer dereference' emerged as the most common defect, according to the study, while 'Use before test of negative values' was the least common defect.

Findings in the report seemed to contradict conventional wisdom in that projects with large average function length are not prone to higher defect densities.

"The improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity," said David Maxwell, open source strategist at Coverity.

The report represents 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analysed over two years.

The conclusions may apply equally to open source and commercial software regarding the relationship between variables such as code base size, defect density, function length, 'Cyclomatic complexity' and 'Halstead effort'.

Source code analysis from the report is freely available to qualified open source projects.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Orica to set new workforce systems live in Australia in July

Orica to set new workforce systems live in Australia in July

Lion builds an app to detect its beers on tap in venues

Lion builds an app to detect its beers on tap in venues

ANZ Institutional readies go-live for "multi-agent chatbot" amie

ANZ Institutional readies go-live for "multi-agent chatbot" amie

Victoria Police refreshes online reporting

Victoria Police refreshes online reporting

Log In

  |  Forgot your password?