Open-source bug hunt results posted - Security


  1. Open-source bug hunt results posted

    "Coverity Inc. of San Francisco has released the results of a Homeland
    Security Department-funded bug hunt that ranged across 40 popular
    open-source programs. The company found less than one-half of one bug per
    thousand lines of code on average, and found even fewer defects in the most
    widely used code, such as the Linux kernel and the Apache Web server."

    http://www.gcn.com/online/vol1_no1/40053-1.html

  2. Re: Open-source bug hunt results posted

    "Imhotep" wrote in message
    news:LuGdne8UPPQkYY_ZRVn-rQ@adelphia.com

    > "Coverity Inc. of San Francisco has released the results of a Homeland
    > Security Department-funded bug hunt that ranged across 40 popular
    > open-source programs. The company found less than one-half of one bug
    > per thousand lines of code on average, and found even fewer defects
    > in the most widely used code, such as the Linux kernel and the Apache
    > Web server."


    "The cleanest program was XMMS, a Unix-based multimedia application. It had
    only six bugs in its 116,899 lines of code, or .51 bugs per thousands lines
    of code. "

    Hmmm, one has to question the entire validity of a study that presents an
    order of magnitude error in that summary calculation alone ...

  3. Re: Open-source bug hunt results posted

    I quoted and wrote in message news:47go1vFfi1vmU1@individual.net

    >> "Coverity Inc. of San Francisco has released the results of a
    >> Homeland Security Department-funded bug hunt ...

    >
    > "The cleanest program was XMMS, a Unix-based multimedia application.
    > It had only six bugs in its 116,899 lines of code, or .51 bugs per
    > thousands lines of code. "
    >
    > Hmmm, one has to question the entire validity of a study that
    > presents an order of magnitude error in that summary calculation
    > alone ...


    Your tax dollars at work. The dumbing-down and fattening-up of American
    society continues unabated.


  4. Re: Open-source bug hunt results posted

    ynotssor wrote, On 03/11/2006 08:57 PM:
    > I quoted and wrote in message news:47go1vFfi1vmU1@individual.net
    >
    >>> "Coverity Inc. of San Francisco has released the results of a
    >>> Homeland Security Department-funded bug hunt ...

    >> "The cleanest program was XMMS, a Unix-based multimedia application.
    >> It had only six bugs in its 116,899 lines of code, or .51 bugs per
    >> thousands lines of code. "
    >>
    >> Hmmm, one has to question the entire validity of a study that
    >> presents an order of magnitude error in that summary calculation
    >> alone ...

    >
    > Your tax dollars at work. The dumbing-down and fattening-up of American
    > society continues unabated.
    >


    As far as I can see that is added by the author of the news article, not
    by Coverity. http://scan.coverity.com/ shows an alphabetic list of
    applications.

    What I would like to see though is the actual report per application,
    which at the moment only seems available to the application maintainer.
    They will probably appear in the respective bug tracking systems
    eventually, but still, it would be nice to skim through it to see how
    serious the bugs are.

    --
    ----------------------------
    Kristian Fiskerstrand
    http://www.kfwebs.net
    ----------------------------
    http://www.secure-my-email.com
    http://www.secure-my-internet.com
    http://www.yourblog.in
    ----------------------------
    Public PGP key 0x6B0B9508 at http://www.kfwebs.net/pgp/


  5. Re: Open-source bug hunt results posted

    "ynotssor" writes:

    >"Imhotep" wrote in message
    >news:LuGdne8UPPQkYY_ZRVn-rQ@adelphia.com


    >> "Coverity Inc. of San Francisco has released the results of a Homeland
    >> Security Department-funded bug hunt that ranged across 40 popular
    >> open-source programs. The company found less than one-half of one bug
    >> per thousand lines of code on average, and found even fewer defects
    >> in the most widely used code, such as the Linux kernel and the Apache
    >> Web server."


    >"The cleanest program was XMMS, a Unix-based multimedia application. It had
    >only six bugs in its 116,899 lines of code, or .51 bugs per thousands lines
    >of code. "


    >Hmmm, one has to question the entire validity of a study that presents an
    >order of magnitude error in that summary calculation alone ...


    Could of course have simply been a typo

  6. Re: Open-source bug hunt results posted

    G'day:

    "ynotssor" wrote in message
    news:47godqFfg75cU1@individual.net...
    >
    > Your tax dollars at work. The dumbing-down and fattening-up of American
    > society continues unabated.
    >


    Not sure about the society as a whole, but regarding the taxpayers' money -
    absolutely!


    --
    Svyatoslav Pidgorny, MS MVP - Security, MCSE
    -= F1 is the key =-



  7. Re: Open-source bug hunt results posted

    ynotssor wrote:

    Have you ever gone through code? If you did I think you would question it...

    > "Imhotep" wrote in message
    > news:LuGdne8UPPQkYY_ZRVn-rQ@adelphia.com
    >
    >> "Coverity Inc. of San Francisco has released the results of a Homeland
    >> Security Department-funded bug hunt that ranged across 40 popular
    >> open-source programs. The company found less than one-half of one bug
    >> per thousand lines of code on average, and found even fewer defects
    >> in the most widely used code, such as the Linux kernel and the Apache
    >> Web server."

    >
    > "The cleanest program was XMMS, a Unix-based multimedia application. It
    > had only six bugs in its 116,899 lines of code, or .51 bugs per thousands
    > lines of code. "
    >
    > Hmmm, one has to question the entire validity of a study that presents an
    > order of magnitude error in that summary calculation alone ...



  8. Re: Open-source bug hunt results posted

    ynotssor wrote:

    BS! This has been needed for some time. Since the overall quality of software
    has been "dumbed down". Oh indeed, let's look at how software involves our
    lives: Aircontroller software, Banking software, maybe software quality
    should have been taken more seriously a long time ago?

    Im

    > I quoted and wrote in message news:47go1vFfi1vmU1@individual.net
    >
    >>> "Coverity Inc. of San Francisco has released the results of a
    >>> Homeland Security Department-funded bug hunt ...

    >>
    >> "The cleanest program was XMMS, a Unix-based multimedia application.
    >> It had only six bugs in its 116,899 lines of code, or .51 bugs per
    >> thousands lines of code. "
    >>
    >> Hmmm, one has to question the entire validity of a study that
    >> presents an order of magnitude error in that summary calculation
    >> alone ...

    >
    > Your tax dollars at work. The dumbing-down and fattening-up of American
    > society continues unabated.


