Jennifer LeClaire: Writer, Editor, Project Manager

Weeding Out Flaws in Open-Source Apps

January 11th, 2008

Under a contract with the U.S. Department of Homeland Security, Stanford University and Coverity are working to identify and fix potential security defects in open-source software projects. As part of the collaborative effort, Coverity announced this week a list of 11 open-source projects that it has now certified as secure and defect-free. The list includes widely used applications, such as Perl, PHP, Samba, and Postfix, along with Amanda, NTP, OpenPAM, OpenVPN, Overdose, Python and TCL. All of these projects eliminated multiple classes of potential security vulnerabilities and quality defects from their code through the Coverity Scan site.

Coverity is a privately-held, San Francisco-based company that develops source-code analysis tools, and the Coverity Scan site was developed with support from Homeland Security as part of the federal government’s “Open Source Hardening Project.”

The site divides open source projects into different “rungs” based on the progress each project makes in resolving its defects. Projects at higher rungs receive access to additional analysis capabilities using the Coverity Prevent system.

Click here to read the rest of this story on Newsfactor.
