Coverity Reports Open Source Security Making Great Strides

Coverity is claiming they have found and helped to fix more than 7,500 security flaws in open source software since the inception of the governmentally backed project designed to harden open source software. The company has also identified eleven projects that have been especially responsive in correcting security problems. "Eleven projects have been awarded the newly announced status of Rung 2, including those known as Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL."

Anyone else

[Bloke+down+the+pub]

Anyone else read that as "Coventry"? Bloody shit-hole, I went there once and nobody spoke to me.

Re:Overdose

[PetiePooo]

What is Overdose? I've searched Google, but all I get is links to Heroin recovery groups...

Ah, nevermind. Its a Yahoo! chat client. I should have searched Sourceforge instead...

Re:Dupe?

[ashridah]

Yes. It has a positive bias in the title (pro open source) instead of a negative one. We want slashdot to be fair and impartial right....?

ash

Experience with Nmap

[katterjohn]

I've been working with Nmap for nearly 2 years now; I went over a Coverity scan of the Nmap source code and fixed many possible bugs (mostly NULL dereferences). Coverity has a great interface and documented the bugs well.

Update on the article is posted

[ivoras]

There's an update on the article here: http://www.informationweek.com/blog/main/archives/2008/01/oops_look_at_th.html See also http://lists.freebsd.org/pipermail/freebsd-hackers/2008-January/022854.html for discussion on FreeBSD.