Coverity Reports Open Source Security Making Great Strides
Coverity is claiming they have found and helped to fix more than 7,500 security flaws in open source software since the inception of the governmentally backed project designed to harden open source software. The company has also identified eleven projects that have been especially responsive in correcting security problems. "Eleven projects have been awarded the newly announced status of Rung 2, including those known as Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL."
Re: (Score:1, Offtopic)
(the mental image... holy crap what a bad evil mental image.... it's like the Janet Reno brain-sear of 1998 all friggin' over again!)
Overdose (Score:2)
Re:Overdose (Score:5, Funny)
Ah, never mind. It's a Yahoo! chat client. [sourceforge.net] I should have searched SourceForge instead...
Dupe? (Score:3, Informative)
Re:Dupe? (Score:5, Interesting)
ash
Anyone else (Score:5, Funny)
Re: (Score:2)
Except for my hometown. It's the elbow of the Earth. You can see the armpit from there.
Re: (Score:2)
-nB
Dupe (Score:2, Informative)
http://it.slashdot.org/article.pl?sid=08/01/09/0027229 [slashdot.org]
173 Projects NOT being actively scanned (Score:3, Informative)
Rung 0: http://scan.coverity.com/rung0.html [coverity.com]
Re: (Score:1)
If you have any questions or would like to suggest additional
projects to be added, please email [SNIP]
To get the snipped email, ROT-13 this: fpna-nqzva@pbirevgl.pbz
Re: (Score:1, Interesting)
Coverity contacted me several months ago. I fixed every issue that they raised and informed them of such. They said thanks and I heard nothing more.
Now they say that my project is in "Rung 0" and they haven't responded to my efforts to contact them. So I really have no idea what is going on; whether they found something new (and unknown to me), or that I'm supposed to be doing something that I haven't done, or what.
Experience with Nmap (Score:4, Informative)
Re: (Score:2)
No, that was wise advice from a bunch of humans. But, wise as they might be, if they handed me code they themselves had written, following their own principles, I'd *still* run Coverity over it.
Any real effect? (Score:2)
I use most of those programs and they are already 100% reliable for me.
Re: (Score:1)
Some of the bugs I've fixed could have been crashers in certain circumstances. They were unlikely cases, but they had potential unpleasantness.
Reliability vs security. (Score:2)
Re: (Score:3, Informative)
A lot of other flaws they find are cases in which the program crashes cleanly (by dereferencing NULL) in some error case instead of reporting the error. Depending on what sort of program it is and what sort of data error is required to reach t
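A constructed C illustration of the distinction drawn in the comment above, a clean crash on NULL versus an error that is actually reported; this is an added example, not code from the thread or from Coverity, and the tiny `key=value` parser and its inputs are invented for it:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed helper: return the value part of a "key=value" line,
 * or NULL when the line has no '='. The NULL is the error signal
 * that every caller is expected to check. */
static const char *find_value(const char *line) {
    const char *eq = strchr(line, '=');
    return eq ? eq + 1 : NULL;
}

/* Before: the error case (no '=') is never reported. strlen(NULL)
 * dereferences a null pointer and the program dies "cleanly" with a
 * segfault. This is the pattern a static analyzer flags as a NULL
 * dereference reachable from an unchecked return value. */
size_t value_length_unchecked(const char *line) {
    const char *v = find_value(line);
    return strlen(v);              /* crashes when v == NULL */
}

/* After: the same error case is detected and reported to the caller
 * (-1 plus a diagnostic) instead of taking the process down. */
long value_length_checked(const char *line) {
    const char *v = find_value(line);
    if (v == NULL) {
        fprintf(stderr, "malformed config line (no '='): \"%s\"\n", line);
        return -1;
    }
    return (long)strlen(v);
}

int main(void) {
    const char *good = "timeout=30";   /* constructed well-formed input */
    const char *bad  = "timeout";      /* constructed malformed input */
    printf("%ld\n", value_length_checked(good));   /* 2 */
    printf("%ld\n", value_length_checked(bad));    /* -1, with message on stderr */
    /* value_length_unchecked(bad) would segfault; deliberately not called */
    return 0;
}
```

Whether the crash matters as a security issue depends, as the comment says, on how the malformed line gets there; the checked version at least turns a silent crash into a reportable failure.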
Update on the article is posted (Score:5, Informative)
Is the Coverity toolkit also open source? (Score:2)
So where can you download the source code for the Prevent suite and all its plugins?
The freebsd projects scanner (Score:1)
Looking up Prevent on Wikipedia indicates that Prevent SQS was derived from the Stanford Checker.
http://en.wikipedia.org/wiki/Coverity [wikipedia.org]
Now if only Coverity would release some code.. (Score:4, Insightful)
If DHS spent its money on investing in high quality static analysis plugins for modern (free) development environments, then you would catch all of the old mistakes, and make sure that they did not happen in the future. I just get annoyed when I see how much money goes to these companies whose only concern is treating the symptoms, not the cause, of poor security standards in software development.
Re: (Score:1)
i have
open source vs. closed source security (Score:3, Informative)
http://www.subspacefield.org/security/security_concepts.html#tth_sEc24.5 [subspacefield.org]
If I've missed any - or if you have any other suggestions - please email me.
I feel like a bit of a whore for posting links to my own ebook, but whores actually get paid. My book is free, so I guess that just makes me a slut. ;-)
Re: (Score:2)
This document is noteworthy and is worth a look.
ehm (Score:2)