Firefox code gets vetted

Mozilla is now using technology that automates the bug-checking process for Firefox, its popular open-source Web browser.

The company has licensed Coverity's Prevent to scan the source code of the browser and help detect flaws in the software before its release, Ben Chelf, chief technology officer at Coverity said Thursday. Coverity and Mozilla plan to jointly announce the arrangement on Monday, he said.

Even though the announcement isn't coming until Monday, Mozilla actually licensed the Coverity tool about a year and a half ago, Chelf said. The companies held off on the announcement until Mozilla felt comfortable with the product and it actually yielded some results, he said.

"You want to see a lot of evidence that defects are getting fixed," Chelf said.

Still, late last month Mozilla released an update to Firefox that fixed a dozen vulnerabilities, seven of which it deemed "critical." Additionally, a second update had to be sent out a week later because the first one caused trouble with Windows Media Player.

Firefox code is being scanned at multiple levels. The browser is also scrutinized by Coverity and Stanford University at the behest of the Department of Homeland Security. Through its Science and Technology Directorate, the department gave $1.24 million in funding to Stanford, Coverity and Symantec to hunt for bugs in open-source programs.