At the bottom end, rung 0 projects are those open source projects which have been analysed by Scan but which have not had any interaction between Coverity and the project development team. These projects are included by Coverity because they were recommended or deemed to be of significance in the open source community.
Coverity has analysed the code, but no developer from the project has asked to see the results. Because the findings are not released to the general public, this means the defects identified are not being read by anyone and may well go uncorrected.
Projects at this rung include bison, cups, ffmpeg, gnuplot, lua, net-snmp, rpm, tk, wget, xplot and zlib. This is somewhat surprising. While there are rung 0 projects of clearly limited application, like opendis, a tool to download images from Flashpoint Digita-based cameras, the ones I have listed are fairly prominent applications, and some of them form part of the core of a typical system.
The only way to progress from rung 0 to rung 1 is for official members of the project team to make contact with Coverity and begin making use of the analysis results. Conversely, a project team can also request to be removed from Scan. So, while these projects did not opt to be included, they have also not asked to opt out.
The broad findings, and the rung divisions, are interesting, but where the Open Source Report offers real value is in its categorisation of the kinds of defects uncovered.
Out of all the projects, over all the code, the single biggest recurring problem was the NULL pointer dereference. This one category alone accounted for 28% of all defects. This type of error arises when a routine has more than one path through it, chosen by variables or conditions. Think of the "if/then" statement: this fundamental programming structure lets you interrupt the linear flow of a program and do something different depending on whether a condition evaluates to true or false. The two outcomes are two different paths through the code.
In a NULL pointer dereference, one code path initialises a pointer before using it, but another code path skips the initialisation (or receives NULL back from a call that can fail) and then uses the pointer while it is NULL, i.e. while it does not hold a valid address.
This type of flaw can be hard to find by testing because the common path behaves as it should; the program will not crash repeatedly, since particular conditions have to be met before the faulty path is executed.
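As an added illustration of the pattern described above (this is example code written for this article, not code from any of the projects Scan analysed), the following C snippet looks up a value in a small, constructed configuration table and extracts a port number from it. The unchecked version works on the one path a casual test exercises and dereferences NULL on two others; the checked version tests every pointer that can be NULL and reports each failure path separately. The table contents, function names and error codes are all invented for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample configuration (not taken from any real project). */
struct kv { const char *key; const char *value; };
static const struct kv sample_config[] = {
    { "listen", "0.0.0.0:8080" },   /* has a port component */
    { "user",   "nobody"       },   /* has no ':' at all    */
};

/* Returns the value stored under key, or NULL when the key is absent.
 * That NULL return is the "pointer never initialised" path the text describes. */
const char *config_lookup(const char *key)
{
    size_t n = sizeof sample_config / sizeof sample_config[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(sample_config[i].key, key) == 0)
            return sample_config[i].value;
    return NULL;
}

/* Defective version. It is correct whenever the key exists and its value
 * holds "host:port", which is the only case a quick manual test tends to hit.
 * It dereferences NULL on two other paths:
 *   - key absent       -> v is NULL and strchr(v, ':') reads through it
 *   - value lacks ':'  -> colon is NULL and colon + 1 is read
 * This is exactly the kind of defect a static analyser reports and a test
 * suite built from a good configuration file never triggers. */
long port_of_unchecked(const char *key)
{
    const char *v = config_lookup(key);
    const char *colon = strchr(v, ':');
    return strtol(colon + 1, NULL, 10);
}

/* Hardened version: each pointer that may be NULL is tested before use, and
 * the caller receives a distinct (example) error code for each failure path. */
int port_of_checked(const char *key, long *port)
{
    const char *v = config_lookup(key);
    if (v == NULL)
        return -1;                      /* key absent */
    const char *colon = strchr(v, ':');
    if (colon == NULL)
        return -2;                      /* value has no port component */
    char *end;
    long p = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || *end != '\0' || p < 1 || p > 65535)
        return -3;                      /* port text is not a valid number */
    *port = p;
    return 0;
}

/* Small helpers so the outcome of each path is available as a return value. */
int checked_rc(const char *key)
{
    long p = 0;
    return port_of_checked(key, &p);
}

long checked_port(const char *key)
{
    long p = 0;
    return port_of_checked(key, &p) == 0 ? p : -1;
}

int main(void)
{
    const char *keys[] = { "listen", "user", "missing" };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        long p = 0;
        int rc = port_of_checked(keys[i], &p);
        if (rc == 0)
            printf("%s: port %ld\n", keys[i], p);
        else
            printf("%s: error %d\n", keys[i], rc);
    }
    return 0;
}
```

Calling port_of_unchecked("listen") returns 8080 and looks fine; calling it with "user" or "missing" is undefined behaviour and on most systems crashes the process, which is why the defect survives until a caller, or an attacker, supplies the input that takes the other path.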
Pointers are a genuinely tricky aspect of programming. C and C++ are well known for their arcane nature, although they are equally well known for the control they give a developer over the system and for the raw native execution speed they offer.