Announcing the results of the Coverity Scan 2010 Open Source Integrity Report, Coverity says that nearly half of open source defects discovered during the project are categorised as high risk.
The Coverity Scan report is the result of a major public-private sector research project focused on open source software integrity, originally initiated between Coverity and the U.S. Department of Homeland Security in 2006.
The 2010 edition of the Coverity Scan Open Source Integrity Report is based on the analysis of more than 61 million lines of open source code from 291 popular and widely-used open source projects, including Android, Linux, Apache, Samba and PHP.
The Coverity Scan service uses Coverity Static Analysis to automatically test open source code submitted by the open source community.
Highlights from the Coverity Scan 2010 Open Source Integrity Report:
- The Android kernel tested by Coverity revealed 359 software defects, a sample of what might be shipping in popular mobile and other Android-based devices
- 25 percent of Android defects are high risk with the potential to cause security breaches and crashes
- Nearly half of the defects discovered in open source projects by Coverity Scan are classified as high risk
- High risk defects discovered in Android and other open source projects are the types typically eliminated by Coverity customers before shipping products
- Common defects found in open source code include memory corruptions, NULL pointer dereferences and resource leaks with the potential to cause system crashes and security vulnerabilities in products
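The three defect classes named in the last highlight are easier to recognise in code than in prose. The following is an added example written for this page, not code from the Coverity report or from any of the projects it scanned: a small "key=value" parser in the shape a static analyser flags, with a NULL pointer dereference, an unchecked allocation and a resource leak on an early-return path, beside a corrected version of the same function. The allocation counter and the function names are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed bookkeeping so a resource leak is observable without a tool:
 * every tracked_malloc must be matched by a tracked_free. */
static int g_live_allocs = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) g_live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { g_live_allocs--; free(p); }
}

int live_allocs(void) { return g_live_allocs; }

/* BEFORE: returns a heap copy of the value in "key=value", or NULL.
 * Contains the defect kinds the report lists:
 *  - unchecked allocation: strcpy into a NULL buffer corrupts memory/crashes
 *  - NULL pointer dereference: strchr returns NULL when '=' is absent,
 *    and eq + 1 is then handed to strlen
 *  - resource leak: the early return for an empty value never frees copy */
char *value_of_buggy(const char *line) {
    char *copy = tracked_malloc(strlen(line) + 1);
    strcpy(copy, line);                 /* copy may be NULL */
    char *eq = strchr(copy, '=');
    if (strlen(eq + 1) == 0)            /* eq is NULL when no '=' present */
        return NULL;                    /* copy is leaked here */
    memmove(copy, eq + 1, strlen(eq + 1) + 1);
    return copy;
}

/* AFTER: same contract, every failure path checked and cleaned up. */
char *value_of_fixed(const char *line) {
    if (line == NULL) return NULL;
    char *copy = tracked_malloc(strlen(line) + 1);
    if (copy == NULL) return NULL;      /* allocation result checked */
    strcpy(copy, line);
    char *eq = strchr(copy, '=');
    if (eq == NULL || eq[1] == '\0') {  /* NULL checked before any use */
        tracked_free(copy);             /* no leak on the error path */
        return NULL;
    }
    memmove(copy, eq + 1, strlen(eq + 1) + 1);
    return copy;                        /* caller releases with tracked_free */
}

/* Helper: does value_of_fixed(line) yield expected (NULL meaning "no value")?
 * Frees whatever was allocated so the live-allocation count stays meaningful. */
int fixed_yields(const char *line, const char *expected) {
    char *v = value_of_fixed(line);
    int ok = (v == NULL) ? (expected == NULL)
                         : (expected != NULL && strcmp(v, expected) == 0);
    tracked_free(v);
    return ok;
}

int main(void) {
    printf("fixed: port=8080 -> %s\n", fixed_yields("port=8080", "8080") ? "8080" : "?");
    printf("fixed: 'noequals' -> %s\n", fixed_yields("noequals", NULL) ? "NULL" : "?");
    printf("fixed: 'key=' -> %s, live allocations %d\n",
           fixed_yields("key=", NULL) ? "NULL" : "?", live_allocs());
    /* The buggy version on the empty-value path: no crash, but the copy leaks. */
    value_of_buggy("key=");
    printf("buggy: 'key=' -> live allocations %d (leaked)\n", live_allocs());
    return 0;
}
```

The leak path is the one worth noticing: it does not crash, so it survives ordinary testing and shows up only under a leak checker or a static analyser, which is exactly the kind of defect the report counts. The NULL dereference in the buggy version is reached with an input that has no '=' at all; the fixed version returns NULL for that input instead.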
For the first time, Coverity will be releasing details on specific open source projects, starting with the Android kernel 2.6.32 (Froyo) in the Coverity Scan 2010 Open Source Integrity Report.
According to Google, more than 65,000 Android devices ship each day. Android is also expected to become the second-largest smartphone operating system by 2012, capturing 18% of global smartphone sales.
Andy Chou, Chief Scientist and co-founder of Coverity says that open source software such as Android is cemented into the software supply chain of fast-moving OEMs in the mobile device industry, creating heavy demand for visibility into the integrity of open source code shipping in modern mobile devices.
He adds that Coverity's goal is to help open source developers find and fix flaws in their software and to help their customers know what they are shipping in their products and services.
Embedded Logic Solutions specialises in a range of embedded technology solutions for customers in diverse industry sectors such as defence, education, automotive as well as electronics design and manufacturing.
Embedded Logic Solutions distributes Coverity’s software products in Australia.