LAMP improves open source software security

xiaoxiao2021-03-17  185

A plan of the US government sponsored recently pointed out that the most popular open source software is often the least software.

According to CNET Technology Information Network, the program analyzer manufacturer COVERITY announced that "LAMP" open source software stacking program error density (number of errors per thousand liner) is lower than the 32 open sources of its analysis Code plan baseline.

According to reports, the US Federal Ministry of Land Security allocated $ 1.240,000, sponsored Stanford University, COVERITY and Symantec, and captured the programming of the open source software and improved the Cover IT's commercial source code analysis tool. This sponsor of January this year, belongs to a three-year "Open Source Hardening Project).

LAMP refers to a combination of Linux operating systems, Apache web servers, MySQL databases, and PHP (Perl or python) languages. At present, it is developing to mainstream commercial operations, trying to challenge Java and Microsoft .NET.

According to reports, Coverity said that its analysis operations scan 32 open source programs have a total of approximately 175 million lines, with an average of 0.434 errors per thousand line programs. But LAMP stack "shows obvious software quality", with only 0.29 errors per thousand line procedures.

However, Coverity pointed out a warning: quite popular instruction language PHP, is a unique error density exceeding the baseline in the LAMP stack. In 32 open source as a baseline, the AMANDA backup tool has the highest error density, and each line is 1.237. The lowest density is the XMMS sound player, and 0.051 errors are detected per thousand lines.

For numbers, the most error is the low-end video interface software X, Coverity, which is available for Linux and UNIX, caught 1,681 program errors. XMMS is in the same place, and only 6 program errors are detected.

Report indicates that Coverity's analysis tools are for 40 most important security weaknesses and coding errors in the software program. The company did not detail the scope of the discovery, and its analysis results cannot be used to assess the security difference between open source program and proprietary procedures, because proprietary software does not provide an error in the external scan.

The report also revealed that Stanford University and COVERITY also use government-sponsored funds, and the architecture sets a system for daily scan open source program to receive procedures. Coverity said that the database of analytical results is open to all software developers for the necessary fixes.

转载请注明原文地址:https://www.9cbs.com/read-129736.html

New Post(0)