Open-source bug hunt project expands

By Joris Evers
Staff Writer, CNET News

1 comment

Related Stories: Open-source hunt digs up more flaws
May 3, 2006; LAMP lights the way in open-source security
March 6, 2006; Homeland Security helps secure open-source code
January 10, 2006; Key bugs in core Linux code squashed
August 3, 2005; Wide-ranging flaw crashes programs
July 7, 2005; Open-source LAMP a beacon to developers
June 14, 2005

A year after its original launch, a U.S. government-backed project that scans open-source code for flaws is expanding.

The effort, supported by a research contract from the U.S. Department of Homeland Security, is now scanning code of 150 open-source projects, up from the original 50.

"This allows open-source developers to find and resolve defects introduced into the project," David Maxwell, open-source strategist for Coverity, said in a statement. Coverity makes source-code analysis tools and shares the DHS contract with Stanford University and Symantec.

Since the start of the project, 6,000 bugs that were found have been fixed, according to Coverity. About 700 developers are now registered to access the bug data and 35 million lines of code are scanned every day, the company said.

New open-source projects added to the bug hunt effort include "zlib," a compression program used in many applications, as well as FreeRadius, an application that provides authentication.

Coverity has updated its scan.coverity.com Web site to give a graphical overview of the flaws that were found. The company plans to further increase the number of open-source projects it scans. It has yet to decide which ones.

The bug hunt is part of a three-year "Open Source Hardening Project" dedicated to helping make such software as secure as possible. In January 2006, the U.S. Department of Homeland Security awarded $1.24 million to Stanford, Coverity and Symantec to find vulnerabilities in open-source projects.

See more CNET content tagged:
Coverity, open-source project, open source, project, Symantec Corp.

Add a Comment (Log in or register)

Putting the bug before the horse...
by Razzl March 28, 2007 2:15 PM PDT: It's a lovely idea, but in the great scheme of things, most open-source software is written for naturally-hard root programs like Unix, so most bugs would not be security-related. Since 95% of the desktops in the US are running Microsoft products which have more known serious bugs (but, as the earlier CNET article pointed out, fewer security bugs overall), shouldn't they be doing something about deconstructing Windows problems? Any serious homeland security issues which arise on "the internets" are more likely to be Windows proprietary issues than open-source issues...; Like this Reply to this comment

Latest tech news headlines

China arrests thousands in Web porn crackdown
Posted in News - Digital Media by Jennifer Guevin

January 2, 2010 6:26 PM PST
Application packaging for cloud computing: A proposal
Posted in The Wisdom of Clouds by James Urquhart

January 2, 2010 4:56 PM PST
When policemen are caught looking at Web porn
Posted in Technically Incorrect by Chris Matyszczyk

January 2, 2010 4:16 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (0.00%) 0.00 10,428.05; S&P 500 (0.00%) 0.00 1,115.10; NASDAQ (0.00%) 0.00 2,269.15; CNET TECH (0.00%) 0.00 1,646.41

Inside CNET News

Scroll Left Scroll Right

The Wisdom of Clouds
Application packaging for cloud computing: A proposal
Cloud computing promises new ways to build and deploy distributed applications. So why are we so hung up on the old ones?
Gallery
En route to GPS-based air traffic control (images)
Technically Incorrect
AT&T, Luke Wilson try smaller coverage number
In a new Luke Wilson ad, AT&T claims its 3G network covers 230 million people. This contrasts with ads from November that featured total coverage rather than just 3G.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
Digital Media
China arrests thousands in Web porn crackdown
The Chinese government says it arrested more than 5,000 people in 2009 in an effort to crack down on Web porn use, according to Reuters.
Video
Deep-sea volcanic explosion--part 1 (video)
The Social
For eBay sellers, a holiday hamster hangover
The gift frenzy over Zhu Zhu Pets leaves some power sellers feeling like they've just run a marathon--but the steep price tags driven by scarcity lead to some impressive profits.
Cutting Edge
NASA's next frontier: Venus, the moon, or an asteroid
Agency selects three finalists in a competition to help determine where to focus its attention to get the most scientific value out of research into our solar system.
Gallery
NASA trains WISE eye on the sky (photos)
Crave
Robots in 2009: The wackier, the better
No surprise here--some of the silliest and oddest robots of the year gone by were to be found in Japan. But who could top Taiwan's kissing bots?
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.