Open-source projects get free checkup by automated tools
Robert Lemos, SecurityFocus 2005-06-28

More open-source software projects are gaining the benefits of the latest code-checking software, as the programs' makers look to prove their worth.

Open-source projects get free checkup by automated tools 2005-06-29
Don Parker (2 replies)
I wonder though, is this program prone to false positives? Do all of the vulnerabilities it finds actually translate to vulnerabilities once checked by human eyes?...

Re: Open-source projects get free checkup by automated tools 2005-07-03
Anonymous
As it says on article "flagged 306 potential software flaws". ...

Re: Open-source projects get free checkup by automated tools 2005-07-04
Anonymous (2 replies)
In response to Don Parker...

Dude... reread the article and pay attention to Theo de Raadt's comment. The answer is NO. They are not all security prone, but who cares? Better software means better stability _and_ better security.

And what the heck is a false positive in this case? They're...

Re: Re: Open-source projects get free checkup by automated tools 2005-07-20
Anonymous
Engage brain before flaming, please.

The original poster's point was not whether flagged issues were possible security issues, but whether they were *bugs* in the first place, as in the software might have false positives such as flagging something totally non buggy as being possibly buggy (note *p...

Re: Re: Open-source projects get free checkup by automated tools 2005-07-21
Anonymous
Not everything that Coverity finds is an actual bug. Coverity finds /potential/ bugs; in some cases whether or not it is an actual bug depends on context. There are some false positives, stuff that looks like a bug but really is not....

Copyright 2009, SecurityFocus