Coverity project fixes 6,000 open-source software bugs

An open-source bug fix project sponsored by the US government and run by source-code analysis specialist Coverity has received around 6,000 fixes in its first year.

The scan.coverity.com project was commissioned by the US Department of Homeland Security to help reduce the number of flaws in open-source software. It is being carried out by Coverity in conjunction with Stanford University and security vendor Symantec.

To mark the project’s one-year anniversary this month, Coverity has extended the number of projects under assessment from 50 to 150. It also announced that developers had fixed an average of 16 bugs per day in the first year, many of which could have affected millions of people.

One of the new entries to the project is FreeRadius, a software application that provides secure authentication to millions of internet and business network users.

Alan DeKok, project leader for the FreeRadius assessment, said that, for this type of network access software, any crash or security bug could have a “worldwide impact on people’s ability to access the internet”.

Coverity has also updated its web site to offer full colour graphs rather than just summary tables.