Coverity has published the 2008 edition of its Open Source Report. The report uses static code analysis on C, C++, and Java source code to determine the quality of the code. These reports are funded by the US Department of Homeland Security and supported by Stanford University, and are part of the US government's Open Source Hardening Project. The report is based on over two years' worth of data from Coverity Scan.
To read all comments associated with this story, please click here.
Member since:2005-07-08
Coverity offers the use of their (full-featured) tool free-of-charge to any open-source project on the condition that any bugs they find include an attribution (i.e. "Found using Coverity") in their bug tracker.
It's a pretty sweet deal, since Coverity can easily cost over $1 million USD for proprietary projects, depending on the size of the codebase. All that open-source projects have to do is take advantage of this mutually-beneficial arrangement. There's no reason not to!
Member since:2007-01-22
for example see for firefox:
https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short...
Member since:2006-03-31
I worked on an open-source project used extensively in the systems biology field. (Several major international research institutions are involved in its development.) I called Coverity and asked them if we could use their program for our project. They said they only allow a limited number of open-source projects to use their program for free.
Member since:
2007-01-22
I'm hoping we will see Haiku, syllable, reactos and other open source OS's on the coverity scan.