San Francisco-based security firm Coverity has been working with support from the U.S. Department of Homeland Security and with Stanford University to find flaws in open source software, and it looks like they've found plenty. Since March 2006, an online Coverity software scanning site has analyzed 50 million lines of software in more than 250 projects, which ultimately led to 7,500 software defect fixes, 6,000 of which occurred in the first year. The scanning comes courtesy of a DHS grant that's part of the federal government's Open Source Hardening Project.
January 11th 2008