就在McAfee发表的K10报告中指出开源软件不安全的同时,来自旧金山的Coverity联合斯坦福大学在国土安全部的带领下在经过源代码分析和评估后证明了C,C++和Java书写的开源项目安全性,Coverity的认证可以为企业提供参考,"放心选择这些开放源代码应用软件".
有11个项目已经取得了安全认证,它们分别是:Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, TCL.
Coverity采用了安全阶梯的评估方法,以上11个项目通过了最严格的Rung2.
| Rung | Project Name | Defect Summary | Lines of Code | Defects / KLOC | View Results | ||
|---|---|---|---|---|---|---|---|
| Fixed | Verified | Uninspected | |||||
|
1
|
AMANDA |
128
|
31
|
0
|
97,488
|
0.000
|
Sign in |
|
1
|
ntp |
8
|
2
|
19
|
56,210
|
0.000
|
Sign in |
|
1
|
OpenPAM |
0
|
0
|
0
|
14,782
|
0.000
|
Sign in |
|
1
|
OpenVPN |
0
|
1
|
13
|
69,667
|
0.014
|
Sign in |
|
1
|
Overdose |
2
|
3
|
0
|
15,489
|
0.000
|
Sign in |
|
1
|
Perl |
46
|
1
|
91
|
497,724
|
0.030
|
Sign in |
|
1
|
PHP |
77
|
7
|
5
|
473,775
|
0.004
|
Sign in |
|
1
|
Postfix |
3
|
0
|
0
|
124,183
|
0.008
|
Sign in |
|
1
|
Python |
77
|
2
|
6
|
284,926
|
0.004
|
Sign in |
|
1
|
Samba |
228
|
2
|
110
|
447,024
|
0.018
|
Sign in |
|
1
|
tcl |
23
|
21
|
33
|
120,473
|
0.000
|
Sign in |
声明:LUPA开源社区刊登此文只为传递信息,并不表示赞同或者反对。
