Is Open Source software safe and secure?

by David M Williams

Thursday, 22 May 2008
Page 3 of 4

At the bottom end, rung 0 projects are those open source projects which have been analysed by Scan but which have not had any interaction between Coverity and the project development team. These projects are included by Coverity because they were recommended or deemed to be of significance in the open source community.
Projects at this rung include bison, cups, ffmpeg, gnuplot, lua, net-snmp, rpm, tk, wget, xplot and zlib. This is somewhat surprising; while projects at rung 0 exist which have clearly limited application – like opendis, a tool to download images from Flashpoint Digita-based cameras – the ones I’ve listed are fairly prominent apps, some of which are among the core base of a system.

The only means to progress from rung 0 to rung 1 is for official members of the project team to come in contact with Coverity and begin availing themselves of the code analysis results. Conversely, the project team can also request to be removed from Scan. Thus, while these apps did not opt to be included, they have also not asked to opt out.

The broad findings, and the rung divisions, are interesting, but where the Open Source Report research also offers huge value is in its categorisation of the code problems uncovered. In fact, out of all the projects, over all the code, the biggest recurring problem was NULL pointer dereferences. This alone accounted for 28% of all defects.

This type of error occurs when you have program code that might take different paths through a routine depending on variables or conditions. Think of the “if/then” statement; this is a fundamental programming structure which means you can temporarily interrupt the linear flow of a program to do something different depending on whether a condition evaluates to true or false. These are two different paths through the code. In a NULL pointer dereference you will have one code path which initialises a pointer before using it, but another code path which skips the initialisation and seeks to use the pointer when it is NULL, i.e. when it does not hold a valid value.

This type of flaw can be hard to debug because one code path behaves as it should; the program will not repeatedly crash, because certain conditions have to be met for the faulty code to be executed. Actually, pointers are a complex aspect of computer programming.
C and C++ are well known for their arcane nature – although, similarly, they are well known for the control they give a developer over a system and for the raw native execution speed they offer.
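To make the path-dependent NULL dereference described above concrete, here is a small constructed C example (added for this article; it is not taken from Coverity's report or from any of the projects named). The buggy routine leaves the pointer uninitialised on one of three paths, which is exactly the shape a static analyser such as Scan reports; the fixed routine handles that path explicitly before the dereference.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed data types for the example; not from any real project. */
struct config {
    const char *name;
    int verbose;
};

static struct config g_default = { "default", 0 };
struct config example_override = { "mine", 1 };   /* sample caller-supplied config */

/* Buggy form: cfg is assigned on two paths but not on the third.
 * With use_defaults == 0 and override == NULL, cfg is still NULL when
 * it is dereferenced. Any other input works, which is why the bug can
 * sit unnoticed until that one condition is met at runtime. */
int name_length_buggy(int use_defaults, struct config *override)
{
    struct config *cfg = NULL;
    if (use_defaults) {
        cfg = &g_default;       /* path 1: initialised */
    } else if (override != NULL) {
        cfg = override;         /* path 2: initialised */
    }
    /* path 3: neither branch taken, cfg is NULL here */
    return (int)strlen(cfg->name);   /* NULL pointer dereference on path 3 */
}

/* Fixed form: every path either yields a valid pointer or returns an
 * error before the dereference, so cfg is provably non-NULL below. */
int name_length_fixed(int use_defaults, struct config *override)
{
    struct config *cfg;
    if (use_defaults) {
        cfg = &g_default;
    } else if (override != NULL) {
        cfg = override;
    } else {
        return -1;              /* the previously missed path, handled */
    }
    return (int)strlen(cfg->name);
}

int main(void)
{
    printf("%d\n", name_length_buggy(1, NULL));               /* 7: the "good" path */
    printf("%d\n", name_length_fixed(0, &example_override));  /* 4 */
    printf("%d\n", name_length_fixed(0, NULL));               /* -1 instead of a crash */
    return 0;   /* name_length_buggy(0, NULL) would crash here */
}
```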