Reconsidering ffmpeg in Debian

Posted Aug 6, 2014 19:01 UTC (Wed) by markh (subscriber, #33984)
In reply to: Reconsidering ffmpeg in Debian by amit
Parent article: Reconsidering ffmpeg in Debian

Both projects are already analyzed with Coverity.

ffmpeg: https://scan.coverity.com/projects/54
libav: https://scan.coverity.com/projects/106

Reconsidering ffmpeg in Debian

Posted Aug 7, 2014 16:27 UTC (Thu) by ux (guest, #98231) [Link] (1 responses)

See coverity fixes in FFmpeg: http://git.videolan.org/?p=ffmpeg.git&a=search&h=...

Coverity is quite nice BTW.

Reconsidering ffmpeg in Debian

Posted Aug 13, 2014 8:55 UTC (Wed) by ber (subscriber, #2142) [Link]

Coverity requires you to advertise for it and to not publish their detailed findings at their discretion (last time I've looked into their terms of service). This may be the reason I haven't found studies that compares it to other services. It would not be allowed right away. Also Coverity gets access to your evaluation of seriousness of security defects on their machines (located in the US I presume).
Those are significant drawbacks.

Made me look into stand-a-lone Free Software security checking tools like cppcheck, flawfinder or ASan/TSan/MSan.