Coverity Reports Reduction In Code Defects - InformationWeek

9/23/2009
10:28 PM

Coverity Reports Reduction In Code Defects

The company started scanning open source code for reliability and integrity three years ago and has a Department of Homeland Security contract.

Coverity says the integrity and quality of the open source projects that it scans for defects are improving. The company said it has measured a 16% reduction in static analysis defect density since it started scanning projects, including Linux, Samba, and Ruby, three years ago.

That reduction means 11,200 defects have been eliminated since Coverity undertook a $300,000 Department of Homeland Security contract to report on the reliability and integrity of open source software projects, often adopted for use in federal, state, and local government.

To find those defects, Coverity's automated inspector, Prevent, inspected 11 billion lines of code from 280 open source projects.

By defects, Coverity doesn't necessarily mean vulnerabilities and security exposures, although they can sometimes be found as well. Defects often amount to a null pointer reference in a C program, where a pointer refers to a memory address that is no longer valid. In some cases, the software runs fine despite the defect. Weeding out these flaws means they can't be activated by unforeseen or previously un-encountered conditions in the program.

As open source projects have eliminated the bugs found in Coverity's initial scans, the spotlight has turned toward more extreme grades of bugs that were too minor to bother with in Coverity's first year of scanning. The third round of searching for obscure defects is underway.

For example, Samba, along with a handful of other open source projects, has entered the third rung of certification, as Coverity calls it. Samba is the project that allows file and print translation between Windows and Linux and has been widely used in many enterprises adopting Linux.

The Ruby scripting language and framework, known as Ruby on Rails for its rapid development techniques, is also a third-rung certification participant, as is OpenPAM, the open source method of aggregating multiple user authentication schemes.

"Known bugs can sometimes turn into security issues if they're not correctly understood or addressed," wrote Jeremy Allison. He is the co-creator of the Samba project with Andrew Tridgell, who commented on the need for defect prevention in open source code in a Samba FAQ July 21. "One hundred percent bug free reliable software is our goal, and one that Coverity scans play an important part in achieving," he wrote.

