January 10th, 2008
Open source projects get hardened
The Dept. of Homeland Security’s Open Source Hardening Project has turned up an average of one security defect per 1,000 lines of code in the most popular open source software projects, PC World reports.
OSHP, run by Stanford and Coverity, found significant problems with 180 open source projects it looked at. Since 2006 the project has helped fix 7,826 open source flaws in 250 projects, out of 50 million lines of code scanned, the company said.
Eleven projects have repaired enough bugs that they’ve graduated to “Rung 2,” Coverity’s second-level of hardening. The 11 projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
Rung 2 is a big deal. The Samba project, for example, has corrected 228 of the 236 security flaws found in its 450,000 lines of code. Coverity provides Rung 2 projects with an updated version of its scanner, which lets developers identify still more flaws.