Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Tools catch security holes in open source code

Maria Korolov | July 2, 2014
Given its prevalence, open source code is virtually impossible to avoid, but the proper steps need to be taken address its vulnerabilities.

Coverity now scans more than 2,200 different open source projects, he said.

In April, Coverity released a report that analyzed code from more than 700 C and C++ projects, in addition to a sample of Java projects and anonymous enterprise projects a total of more than 750 million lines of code. The analysis showed that, for the first time since the company began running the scans eight years ago, the quality of open source code has surpassed proprietary code.

Part of it may be due to the increased emphasis on fixing coding problems by the open source projects themselves. Linux, for example, has used the Coverity scans to reduce the average time it takes to fix a newly discovered defect from 122 days to just six days

Coverity is also used by companies internally. Customers include major brands like SAP, Air France, Comcast, Barclays, as well as nine of the top ten software companies and seven of the top ten aerospace companies. 

"The amount of source code is rapidly increasing in size and yet we are maintaining consistent quality," said Yoshinori Tsujido, staff manager for Mitsubishi Electric Sanda Works, in a statement. "I don't know where we would be now if we didn't use Coverity."

According to IDC projections, the worldwide software quality analysis market exceeded $500 million in 2013, and will grow to $906 million in revenues by 2017, a compound annual growth rate of more than 15 percent.

"In the face of increasing numbers of highly public failures of business-critical systems, the urgency of attending to software quality analysis has never been more obvious," said IDC analyst Melinda Ballou in a statement. "The crying need to improve corporate and developer hygiene in this area is clear."


Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.