
By Joris Evers
Posted on ZDNet News: Aug 3, 2005 9:26:00 PM

Serious security bugs in key parts of the latest Linux code have been fixed, but some small glitches have been introduced, according to a recent scan.

In December, Coverity looked at version 2.6.9 of the Linux kernel, the heart of the open-source operating system, and found six critical defects in the core file system and networking code. In July, the code analysis company scanned the latest version of the Linux kernel, version 2.6.12, and found no such programming errors, Coverity CEO Seth Hallem said.

However, 1,008 defects were discovered in other parts of version 2.6.12. These coding problems, which could indicate security flaws, rest mainly in drivers, Hallem said. That's a slight increase compared with the earlier analysis, when 985 total defects were found, according to San Francisco-based Coverity.

"The bugs that we reported that were in critical pieces of the kernel were fixed," Hallem said. "At the same time, people still write buggy code. As new code gets introduced, there are new bugs."

As a result, the overall bug density--the number of bugs per thousand lines of code--only decreased from 0.17 defects to 0.16 defects, according to Coverity's scan.

The results of the analysis are a sign that Linux is maturing as an operating system and in the security of its core code. That could make it a more attractive option for users, corporate ones especially, as rival OS maker Microsoft works to bolster the security in its own software.

Coverity's code analysis tools look for common mistakes in writing C and C++ programming code. The company did not give details on the scope of the flaws it found. It rated faults in the file system and networking code as more serious because those pieces will be used by all Linux users, Hallem said. The other coding mistakes are considered less critical because bugs in drivers, for example, will only put users at risk if they use those drivers.

The analysis can't be used to measure the security of Linux next to that of Microsoft's Windows operating system. The Windows kernel source code is not available for scanning by Coverity, making an equal comparison impossible.

Microsoft does use analysis tools similar to those in Coverity's study to vet its Windows code. One tool, known as Prefast, runs on each developer's workstation to check code for simple problems. The other tool, Prefix, is run every night on the Windows source code to catch more complex issues.

Like last time, Coverity plans to make the results of its analysis available to Linux developers so the bugs it found can be fixed, Hallem said.

