Fall in open source errors boosts security
By Matthew Sparkes,
The number of security vulnerabilities in open-source software has dropped 16 per cent in two years, claims a recent audit of code defects.
The annual report, commissioned by the US Department of Homeland Security and carried out by software firm Coverity, looks for defects and vulnerabilities in open-source projects using analytical tools which automatically detect various common errors in source code.
Coverity's 2008 report surveyed 55 million lines of code, and found 0.25 errors per 1,000 lines of code, a 16 per cent fall on the 0.3 errors found only two years ago.
"These findings represent an overall reduction of static analysis defect density across 250 open-source projects of a total of 23,068 individual defects," explained the report, which lists null pointer deference and resource leaks as the two most common errors found in projects today.
As well as the average number of defects falling it was also found that some projects managed to reduce this number, known as the defect density, to zero. Perl, PHP and Samba were all noted by the company as performing particularly well and having an extremely low defect density.
Perhaps the most interesting possibility for automatic analysis of errors is a comparison between open source and commercial code, to finally answer the debate of which is the most secure conclusively, although Coverity explained that this is unlikely to happen in the near future.
"Many developers have an opinion about the differing quality and security of open source versus commercial software, and a number of theories have been hypothesised to justify the superiority of one class of code over another," the report said.
"However, comparing these two classes of code is impossible for the purposes of this report, primarily due the difficulty involved in obtaining comparable datasets."
Related Tags
advertisement
Latest Security Features
Lessons to learn from a year of data breaches
In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
Latest Security Reviews
Boston 3000GP - AMD Shanghai Server
Rating: 
- Fortinet FortiGate-3810A
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?