
LAMP Software Stack More Reliable Than Baseline Open Source Software - Coverity Analysis for DHS Finds

Department of Homeland Security Research Analysis by Coverity Establishes New Baseline Metric for Software Quality and Security

SAN FRANCISCO, March 6 /PRNewswire/ -- Coverity, Inc., makers of the world's most advanced and scalable source code analysis solution, today released comprehensive research results on the state of quality for many of the leading open source software projects in the world. This is the first study to use source code analysis to establish a baseline metric for software quality.

As part of the government-funded analysis, Coverity is establishing a new baseline for software quality and security in open source, based on sophisticated analyses of more than 17.5 million lines of source code using the latest research from Stanford University's Computer Science department. The LAMP stack (Linux, Apache, MySQL, and Perl/PHP/Python) showed software quality significantly better than the baseline, with an average of 0.290 defects per thousand lines of code, compared with an average of 0.434 across the 32 open source software projects analyzed.

The analysis is the first public result arising from a contract with the Department of Homeland Security (DHS) to improve the security and quality of software. The three-year contract, called the "Vulnerability Discovery and Remediation Open Source Hardening Project," includes research on the latest source code analysis techniques developed by Coverity and Stanford computer scientists. The analysis identified many of the most critical types of defects found in software.

"One of the goals of our research on software quality and security is to define a baseline so that people can measure software reliability in both open source and proprietary software projects," said Ben Chelf, CTO of Coverity. "No technology can find all bugs in software, but we have collected a critical mass of data through an automated and repeatable analysis framework to show how software quality can be concretely assessed, compared, and ultimately improved."

The open source development model benefits from the "many eyes" approach of having many developers review source code, in a process similar to a large-scale peer review. This often results in high-quality code, such as the code found in the LAMP stack. One goal of Coverity's research is to accelerate this peer review process by automatically analyzing 100 percent of the code paths for defects in each software project. To do this manually for the Linux kernel alone would take over twenty-eight man-years.

As part of the analysis, Coverity is working with open source project leaders to make Coverity's findings useful to the open source community and to assist in applying fixes to the bugs identified.

"Coverity's static source code analysis has proven to be an effective step towards furthering the quality and security of Linux," said Andrew Morton, head maintainer of the 2.6 Linux kernel. "I welcome further contributions from Coverity to help identify defects in the Linux kernel with unprecedented speed and scalability."

"Coverity's Prevent is an invaluable tool that we've now been able to integrate into the FreeBSD Project development process with nightly source code scans," said Robert Watson, president of the FreeBSD Foundation. "Eighty-five FreeBSD developers are now registered to review Coverity-generated bug reports, resulting in hundreds of important bug fixes, one leading to a security advisory. Coverity's contributions have significantly improved the quality of the FreeBSD source code base, which is greatly appreciated by both FreeBSD developers and users."

"The peer review model used by the open source community is a very powerful one and has proven effective in creating quality software," said David Park, a co-founder of Coverity and former Stanford University computer science researcher. "With more businesses utilizing open source software like the LAMP stack, we see a need to help decision makers understand the relative quality and security in the packages they choose to bring in house."

Coverity will continue to perform analyses of open source projects and add new projects over time. Providing this service will ensure that every line of code in a project is given a thorough review, and the results of each scan will be made freely available to the open source project development teams to encourage quick responses.

"The results that we have discovered mark a great first step in automatically assessing the quality and security of any given code base. However, our goal is not only to measure quality and security, but to make the projects that we analyze better. By opening up our analysis results to the core developers of these open source projects, we hope to work with them to reduce the number of defects and vulnerabilities in their code bases," said Chelf.

Coverity built a web-based system that provides updated information to the general public and to developers of open source software. The system continually downloads open source software and runs scans on the software using Coverity's static source code analysis technology. Results are updated on a daily basis. The general public can immediately access summary results and registered project maintainers and key developers can access details on the software defects.

An updated table of summary results and access to the secure database of defects is available at http://scan.coverity.com/ .

An explanation of the research findings with commentary on how the baseline can be used by software developers is also available for free download at http://www.coverity.com/ and http://scan.coverity.com/ .

About Coverity

Coverity (http://www.coverity.com/), makers of the world's most advanced and scalable source code analysis solution for pinpointing software defects and security vulnerabilities, is a privately-held company headquartered in San Francisco. Coverity was founded in 2002 by leading Stanford University computer scientists whose four-year research project resulted in a breakthrough technique to address the costliest problem in the software industry. That research breakthrough allows developers to quickly and precisely eliminate software defects and security vulnerabilities in tens of millions of lines of new or legacy code. Today, Coverity's solution is used by more than 100 leading companies to significantly improve the quality and security of their software, including Juniper Networks, Symantec/VERITAS, McAfee, Synopsys, NASA, PalmOne, Sun Microsystems and Wind River.

NOTE: Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Media Contacts

Craig Oda, Page One PR for Coverity
[email protected]
+1-650-565-9800, ext. 102

David Park, Coverity
[email protected]
+1-650-714-2335



Web Site: http://www.coverity.com/


Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
