Coverity Reports Open Source Security Making Great Strides
Coverity claims to have found and helped fix more than 7,500 security flaws in open source software since the inception of the government-backed project designed to harden open source software. The company has also identified eleven projects that have been especially responsive in correcting security problems. "Eleven projects have been awarded the newly announced status of Rung 2, including those known as Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL."
If you are involved in said projects, please contact Coverity through the website and get involved. I don't see any reason why a project would not want to have this scan done.
Rung 0: http://scan.coverity.com/rung0.html
I've been working with Nmap for nearly 2 years now; I went over a Coverity scan of the Nmap source code and fixed many possible bugs (mostly NULL dereferences). Coverity has a great interface and documented the bugs well.
There's an update on the article here: http://www.informationweek.com/blog/main/archives/2008/01/oops_look_at_th.html See also http://lists.freebsd.org/pipermail/freebsd-hackers/2008-January/022854.html for discussion on FreeBSD.
-- Sig down
http://www.subspacefield.org/security/security_concepts.html#tth_sEc24.5
If I've missed any - or if you have any other suggestions - please email me.
I feel like a bit of a whore for posting links to my own ebook, but whores actually get paid. My book is free, so I guess that just makes me a slut. ;-)