Coverity and Digeo Cooperate to Improve and Fix Linux Security and Reliability
Coverity continues support of open source projects
with new analysis of Linux and FreeBSD
SAN FRANCISCO, June 27, 2005 –
Coverity, Inc., makers of the world's most advanced
and scalable source code analysis solution, today announced
that Coverity and Digeo are working together on research
and development to identify and eliminate device driver
defects in Linux.
Coverity also released software defect and security
vulnerability results for FreeBSD 6.0, a popular operating
system (OS) that secures over 2.5 million* Internet
sites. Coverity found 306 software defects in FreeBSD's
1.2 million lines of code, or an average of 0.25 defects
per 1,000 lines of code. In a December 2004 study of
the Linux kernel, Coverity found 985 software defects
in 5.7 million lines of code, or an average of 0.17
defects per 1,000 lines of code. Digeo and Coverity
are now working together to eliminate these defects from
the Linux code base.
"The quality of Linux is already extremely good. Coverity
and Digeo are working to make the already excellent
Linux OS even better," said Seth Hallem, CEO of Coverity.
"We want to emphasize that the Linux code base is larger
and has more driver support than FreeBSD. Coverity is
releasing research results in an open manner to help
the open source development community, not as a direct
comparison of Linux and BSD."
"Coverity's source code analysis solutions help us isolate
quality and security vulnerabilities in software," said
Toby Farrand, chief technology officer for Digeo. "Our
work with Coverity is just one of many activities we
engage in to continuously improve Linux and ensure it
remains the operating system of choice for embedded
systems applications."
"The vast majority of computer security flaws result
from careless programming errors which are ideally suited
for detection by automated verification software," said
Dr. Colin Percival, FreeBSD Deputy Security Officer.
"I would strongly recommend that any organization writing
security-critical code use such software, and to my
knowledge Coverity's software is easily the best such
tool available."
Key findings of the new Coverity study on FreeBSD include:
- FreeBSD contains relatively few security holes that
could be found through text searching or intraprocedural
analysis;
- The FreeBSD development team responds to security
vulnerabilities very rapidly - the group maintains
a dedicated security response team and controls code
submission;
- FreeBSD security is getting better very quickly
- over the course of a year, FreeBSD's code size doubled,
while the total number of defects went down by 50%.
Many of the largest telecommunications and Internet
enterprises in the world rely on FreeBSD to secure thousands
of servers. According to Internet services firm Netcraft,
Yahoo!, the world's largest Internet company, hosts
over 266,000 active Internet sites on FreeBSD and telecommunications
giant NTT/Verio hosts over 175,000 active sites on FreeBSD.
Reliance on the security of FreeBSD continues to grow
with over 500,000* new FreeBSD Internet sites created
each year.
* Source: Netcraft, June 2004
About Coverity, Inc.
Coverity (www.coverity.com), makers of the world's most
advanced and scalable source code analysis solution
for pinpointing software defects and security vulnerabilities,
is a privately-held company headquartered in San Francisco.
Coverity was founded in 2002 by leading Stanford University
scientists whose four-year research project resulted
in a breakthrough approach for addressing the costliest
problem in the software industry. That research breakthrough
allows developers to quickly and precisely eliminate
software defects and security vulnerabilities in tens
of millions of lines of new or legacy code. Today, Coverity's
solution is used by more than 40 leading companies to
significantly improve the quality of their software,
including Juniper Networks, VERITAS, McAfee, Synopsys,
NASA, PalmOne, Sun Microsystems and Wind River.
Coverity is a registered trademark, and Coverity Extend
and Coverity Prevent are trademarks of Coverity, Inc.
All other company and product names are the property
of their respective owners.
Media Contacts
Bret Clement
Page One PR for Coverity
bret@pageonepr.com
(303) 462-3057
David Park
dave@coverity.com
(415) 321-5204