Open source security improving rapidly

By

The quality and security of open source software is improving rapidly, according to an in-depth analysis of over 250 popular applications including Linux and Apache.

Open source security improving rapidly
Coverity's Scan Report on Open Source Software 2008 was developed with support from the US Department of Homeland Security.

The report analysed more than 55 million lines of code on a recurring basis from over 250 popular open source projects.

The two-year investigation was conducted with Coverity's Prevent static source code analysis tool as part of the US government's Open Source Hardening Project.

Coverity reported a 16 per cent reduction in "static analysis defect density " in the past two years, reflecting the elimination of more than 8,500 individual defects.

'Null pointer dereference' emerged as the most common defect, according to the study, while 'Use before test of negative values' was the least common defect.

Findings in the report seemed to contradict conventional wisdom in that projects with large average function length are not prone to higher defect densities.

"The improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity," said David Maxwell, open source strategist at Coverity.

The report represents 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analysed over two years.

The conclusions may apply equally to open source and commercial software regarding the relationship between variables such as code base size, defect density, function length, 'Cyclomatic complexity' and 'Halstead effort'.

Source code analysis from the report is freely available to qualified open source projects.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

ANZ consolidates operational risk into ServiceNow

ANZ consolidates operational risk into ServiceNow

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Defence's AI Centre hunts value in 1 billion unstructured documents

Defence's AI Centre hunts value in 1 billion unstructured documents

Services Australia revamps intranet as internal info access fragments

Services Australia revamps intranet as internal info access fragments

Log In

  |  Forgot your password?