Rate of bugs and rate of security holes are mostly uncorrelated
Posted Mar 6, 2006 16:11 UTC (Mon) by
shahms (subscriber, #8877)
In reply to:
Rate of bugs and rate of security holes are mostly uncorrelated by nix
Parent article:
Coverity releases first defect survey results
From reading the articles about Coverity's static checker (at least, the articles on the early versions of the Stanford checker), there is no reason to suspect they haven't written domain-specific extensions for at least some of the idioms and API rules of the projects they checked. One of the main points of their tool is making "system-specific programmer written compiler extensions" relatively easy. The architecture described by those papers is powerful and extensible, able to detect and act on almost-arbitrary pattern rules. It's really a pretty nice architecture as described, and I imagine the Coverity tool addresses the most urgent shortcomings of the early implementation.