Flaws in open-source software pointed out by the American agency


A bug-tracking effort run by the US Department of Homeland Security found an average of one security flaw per thousand lines of code across the 180 open-source projects studied.

The finding comes from the Open Source Hardening Project, a program sponsored by the government agency and carried out by Coverity in partnership with Stanford University. It involved an investment of 300 thousand dollars and aims to analyze the open-source projects most widely used by developers of government applications and websites.

According to the findings published at the end of the study, security flaws were found in all of the software analyzed. Since 2006, the project has helped correct 7,826 defects in 250 open-source programs, a process that involved analyzing 50 million lines of code.

According to Coverity, eleven projects stood out from all the others because they reached Rung 2, the highest security level defined by DHS.

This position was achieved by the Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba and TCL projects, and reflects the fact that the analyzed products are free of practically all the security flaws checked for.

For example, of the 236 errors detected in the 450 thousand lines of Samba code, 228 were corrected.

It remains to be noted that Rung 2, now published, is the highest security level defined to date. Rung 1 currently holds 86 projects and Rung 0 holds 173. To advance a level, open-source developers have to fix the vulnerabilities detected by Coverity's tools.
