Article: PHP, Perl and Python pass Homeland Security test
In 2006, the US Department of Homeland Security joined up with
Coverity to scan Open Source software for security problems, and
provide the results to the projects for fixing. Here's an intermediate(?)
status report of the project now:
``Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.''
There were three "rungs" of projects, with eleven being rated as
"bug free" in "rung 2": Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL.
Rung 1 now includes 86 projects. Rung 0, the lowest level, currently lists 173 projects.
NetBSD is part of the scans, and it currently ranks in
which currently contains 86 projects. NetBSD shows
1.316 fixed bugs,
196 verified bugs and
1405 uninspected bugs
in 4.7mio lines of code, resulting in an average of
0.335 bugs per 1000 lines of code.
Rung 0, the "worst" category currently lists 173 projects, so
NetBSD is about average - but there's always room to improve!
[Tags: coverity, dhs, security]