March 27, 2007 6:06 PM PDT
Open-source bug hunt project expands
- Related Stories
Open-source hunt digs up more flawsMay 3, 2006
LAMP lights the way in open-source securityMarch 6, 2006
Homeland Security helps secure open-source codeJanuary 10, 2006
Key bugs in core Linux code squashedAugust 3, 2005
Wide-ranging flaw crashes programsJuly 7, 2005
Open-source LAMP a beacon to developersJune 14, 2005
The effort, supported by a research contract from the U.S. Department of Homeland Security, is now scanning code of 150 open-source projects, up from the original 50.
"This allows open-source developers to find and resolve defects introduced into the project," David Maxwell, open-source strategist for Coverity, said in a statement. Coverity makes source-code analysis tools and shares the DHS contract with Stanford University and Symantec.
Since the start of the project, 6,000 bugs that were found have been fixed, according to Coverity. About 700 developers are now registered to access the bug data and 35 million lines of code are scanned every day, the company said.
New open-source projects added to the bug hunt effort include "zlib," a compression program used in many applications, as well as FreeRadius, an application that provides authentication.
Coverity has updated its scan.coverity.com Web site to give a graphical overview of the flaws that were found. The company plans to further increase the number of open-source projects it scans. It has yet to decide which ones.
The bug hunt is part of a three-year "Open Source Hardening Project" dedicated to helping make such software as secure as possible. In January 2006, the U.S. Department of Homeland Security awarded $1.24 million to Stanford, Coverity and Symantec to find vulnerabilities in open-source projects.
1 commentJoin the conversation! Add your comment