Fall in open source errors boosts security
By Matthew Sparkes,
The number of security vulnerabilities in open-source software has dropped 16 per cent in two years, claims a recent audit of code defects.
The annual report, commissioned by the US Department of Homeland Security and carried out by software firm Coverity, looks for defects and vulnerabilities in open-source projects using analytical tools which automatically detect various common errors in source code.
Coverity's 2008 report surveyed 55 million lines of code, and found 0.25 errors per 1,000 lines of code, a 16 per cent fall on the 0.3 errors found only two years ago.
"These findings represent an overall reduction of static analysis defect density across 250 open-source projects of a total of 23,068 individual defects," explained the report, which lists null pointer deference and resource leaks as the two most common errors found in projects today.
As well as the average number of defects falling it was also found that some projects managed to reduce this number, known as the defect density, to zero. Perl, PHP and Samba were all noted by the company as performing particularly well and having an extremely low defect density.
Perhaps the most interesting possibility for automatic analysis of errors is a comparison between open source and commercial code, to finally answer the debate of which is the most secure conclusively, although Coverity explained that this is unlikely to happen in the near future.
"Many developers have an opinion about the differing quality and security of open source versus commercial software, and a number of theories have been hypothesised to justify the superiority of one class of code over another," the report said.
"However, comparing these two classes of code is impossible for the purposes of this report, primarily due the difficulty involved in obtaining comparable datasets."
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Open Source Analysis & Insight
GCC and LLVM - What's in a licence?
Richard Hillesley discusses the pros and cons of the GCC and LLVM compiler collections, and the difference a licence makes.
- PCLinuxOS - Rolling on a river
- Top 10 open source alternatives
- The fall and rise of Mandriva Linux
- Haiku: Reason to believe
- What will the coalition do for business and technology?
- The lost world of the Xandros desktop
- Building on a Linux brand
- FreeBSD and the GPL
- Top 10 areas where open source leads the way
advertisement
Most popular
- Google releases Chrome for Android beta
- Will someone rid me of these troublesome Macs?
- OneNote hits Google?s Android
- BlackBerry Bold 9790 review
- Google sends in Bouncer to sort out malicious apps
- Ubuntu vs. Windows 7 on the business desktop
- Who to trust after the VeriSign hack?
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- ACTA: the basics, the controversies, and the future
- BT considering Ofcom price cap appeal
Latest News Videos in Open Source
Video: Q&A with Red Hat's Werner Knoblich, part two
PlayThe second installment of our video Q&A with Red Hat's general manager for Europe, the Middle East and Africa (EMEA).
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
