March 27, 2007 6:06 PM PDT

Open-source bug hunt project expands

A year after its original launch, a U.S. government-backed project that scans open-source code for flaws is expanding.

The effort, supported by a research contract from the U.S. Department of Homeland Security, is now scanning code of 150 open-source projects, up from the original 50.

"This allows open-source developers to find and resolve defects introduced into the project," David Maxwell, open-source strategist for Coverity, said in a statement. Coverity makes source-code analysis tools and shares the DHS contract with Stanford University and Symantec.

Since the start of the project, 6,000 bugs that were found have been fixed, according to Coverity. About 700 developers are now registered to access the bug data and 35 million lines of code are scanned every day, the company said.

New open-source projects added to the bug hunt effort include "zlib," a compression program used in many applications, as well as FreeRadius, an application that provides authentication.

Coverity has updated its scan.coverity.com Web site to give a graphical overview of the flaws that were found. The company plans to further increase the number of open-source projects it scans. It has yet to decide which ones.

The bug hunt is part of a three-year "Open Source Hardening Project" dedicated to helping make such software as secure as possible. In January 2006, the U.S. Department of Homeland Security awarded $1.24 million to Stanford, Coverity and Symantec to find vulnerabilities in open-source projects.

See more CNET content tagged:
Coverity, open source, open-source project, project, Symantec Corp.

1 comment

Join the conversation!
Add your comment
Putting the bug before the horse...
It's a lovely idea, but in the great scheme of things, most open-source software is written for naturally-hard root programs like Unix, so most bugs would not be security-related. Since 95% of the desktops in the US are running Microsoft products which have more known serious bugs (but, as the earlier CNET article pointed out, fewer security bugs overall), shouldn't they be doing something about deconstructing Windows problems? Any serious homeland security issues which arise on "the internets" are more likely to be Windows proprietary issues than open-source issues...
Posted by Razzl (1318 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.