IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Fall in open source errors boosts security

Open source software is becoming more secure, with the number of errors and security holes falling 16 per cent in two years, a new report has found.

The number of security vulnerabilities in open-source software has dropped 16 per cent in two years, claims a recent audit of code defects.

The annual report, commissioned by the US Department of Homeland Security and carried out by software firm Coverity, looks for defects and vulnerabilities in open-source projects using analytical tools which automatically detect various common errors in source code.

Coverity's 2008 report surveyed 55 million lines of code, and found 0.25 errors per 1,000 lines of code, a 16 per cent fall on the 0.3 errors found only two years ago.

"These findings represent an overall reduction of static analysis defect density across 250 open-source projects of a total of 23,068 individual defects," explained the report, which lists null pointer deference and resource leaks as the two most common errors found in projects today.

As well as the average number of defects falling it was also found that some projects managed to reduce this number, known as the defect density, to zero. Perl, PHP and Samba were all noted by the company as performing particularly well and having an extremely low defect density.

Perhaps the most interesting possibility for automatic analysis of errors is a comparison between open source and commercial code, to finally answer the debate of which is the most secure conclusively, although Coverity explained that this is unlikely to happen in the near future.

"Many developers have an opinion about the differing quality and security of open source versus commercial software, and a number of theories have been hypothesised to justify the superiority of one class of code over another," the report said.

"However, comparing these two classes of code is impossible for the purposes of this report, primarily due the difficulty involved in obtaining comparable datasets."

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022