Linux kernel software quality and security better than most proprietary enterprise software.Coverity, a software engineering company focused on developing a better way to build software, recently announced results on Linux security compiled over four years of source code analysis of the Linux kernel The nucleus of the Linux operating system. The Linux kernel, which was developed by Linus Torvalds, was integrated with software from the GNU Project and other sources to create the actual Linux operating system. See Linux, GNU/Linux and kernel. . Coverity discovered 985 bugs in 5.7 million lines of code The statements and instructions that a programmer writes when creating a program. One line of this "source code" may generate one machine instruction or several depending on the programming language. A line of code in assembly language is typically turned into one machine instruction. in the recent 2.6 Linux production kernel now shipping in operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. products from Novell and other major Linux software companies. The former director of cybersecurity for the U.S. Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States , Amit Yoran Amit Yoran was the National Cyber Security Division director within the United States Department of Homeland Security. He took up the post in September 2003 and resigned in October 2004. , this month told a Washington, D.C. conference on Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland security Department of Homeland Security executive department - a federal department in the executive branch of the government of the United States and Information Assurance that automatic code debuggers are required to make software secure. As commercial software is developed, it typically contains 20 to 30 bugs for every thousand lines of code, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Carnegie Mellon University's CyLab Sustainable Computing Consortium. The Linux source code analysis project started in 2000 at the Stanford University Stanford University, at Stanford, Calif.; coeducational; chartered 1885, opened 1891 as Leland Stanford Junior Univ. (still the legal name). The original campus was designed by Frederick Law Olmsted. David Starr Jordan was its first president. Computer Science Research Center as part of a massive research initiative to improve core software engineering processes in the software industry. The initiative continues on at Coverity, a commercial software company started by five of the lead Stanford researchers. Coverity customers include the top vendors in networking, electronic design automation and storage, among others. As a public service, Coverity will start providing bug analysis reports on a regular basis and make a summary of the results freely available to the Linux development community. "This is a benefit to the Linux development community and we appreciate Coverity's efforts to help us improve the security and stability of Linux," said Andrew Morton, lead Linux kernel maintainer. "We've already addressed the top priority bugs that Coverity has uncovered. It's a very useful system for high quality code." "Key Linux developers can now use the same tools that many of the world's largest commercial IT vendors have integrated into their software development process," said Seth Hallem, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Coverity. "Our findings show that Linux contains 0.17 bugs per thousand lines of code, which is an extremely low defect rate and is evidence of the strong security of Linux. Many security holes in software are the result of software bugs that can be eliminated with good programming processes." A summary of the bugs is available at http://linuxbugs.coverity.com. Active members of the Linux kernel development community can obtain detailed bug reports by contacting Coverity. SWAT's core technology runs on a wide variety of hardware and software platforms used by C and C++ developers. It is unique amongst source code analysis solutions in both its precision and scalability. Unlike many competing technologies, SWAT simulates the effects that the operations in the source code might have in the runtime environment, rather than searching the source code for known, dangerous coding patterns or potentially sloppy coding constructs. The result is that the defects detected by SWAT's analysis platform are potentially disastrous runtime errors that must be fixed in the source code. In addition, SWAT is designed to integrate easily into existing software development practices without any changes to existing build systems or existing development tools. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion