Open-source bug hunt project expands

Bug tally is at 6,000 on the first anniversary of government-sponsored project, which is adding more open-source code to scan.

A year after its original launch, a U.S. government-backed project that scans open-source code for flaws is expanding.

The effort, supported by a research contract from the U.S. Department of Homeland Security , is now scanning code of 150 open-source projects, up from the original 50.

"This allows open-source developers to find and resolve defects introduced into the project," David Maxwell, open-source strategist for Coverity, said in a statement. Coverity makes source-code analysis tools and shares the DHS contract with Stanford University and Symantec.

Since the start of the project, 6,000 bugs that were found have been fixed , according to Coverity. About 700 developers are now registered to access the bug data and 35 million lines of code are scanned every day, the company said.

New open-source projects added to the bug hunt effort include "zlib," a compression program used in many applications, as well as FreeRadius, an application that provides authentication.

Coverity has updated its Web site to give a graphical overview of the flaws that were found. The company plans to further increase the number of open-source projects it scans. It has yet to decide which ones.

The bug hunt is part of a three-year "Open Source Hardening Project" dedicated to helping make such software as secure as possible. In January 2006, the U.S. Department of Homeland Security awarded $1.24 million to Stanford, Coverity and Symantec to find vulnerabilities in open-source projects.

About the author

    Joris Evers covers security.


    Discuss Open-source bug hunt project expands

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Imperial Sphericator gizmo turns virtually any food into caviar-sized pearls