Coverity has published the 2008 edition of its Open Source Report. The report uses static code analysis on C, C++, and Java source code to determine the quality of the code. These reports are funded by the US Department of Homeland Security and supported by Stanford University, and are part of the US government's Open Source Hardening Project. The report is based on over two years' worth of data from Coverity Scan.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Member since:2007-01-22
for example see for firefox:
https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&short...
Member since:2006-03-31
I worked on an open-source project used extensively in the systems biology field. (Several major international research institutions are involved in its development.) I called Coverity and asked them if we could use their program for our project. They said they only allow a limited number of open-source projects to use their program for free.
Member since:2008-05-24
Hello Samad,
I was sent a copy of your comment. I would like to know when you called Coverity, and which department, or who you spoke to, if you still have that information.
We don't have a set limit on the number of projects included in the Scan, so either your call was before some of the project was planned out, or I need to do some internal communication to prevent an incorrect message like 'a limited number of projects' from being repeated again.
There are limited resources of course, since we don't have an infinite number of build machines, but I've never turned a project away because of how many projects we have in the Scan already.
There is a backlog of requests for adding new projects, but to get in the queue, submit your project to scan-admin@coverity.com, if you have not done so already. I don't know the name of your project, so I can't proactively check the queue before sending this reply.
Member since:
2005-07-08
Coverity offers the use of their (full-featured) tool free-of-charge to any open-source project on the condition that any bugs they find include an attribution (i.e. "Found using Coverity") in their bug tracker.
It's a pretty sweet deal, since Coverity can easily cost over $1 million USD for proprietary projects, depending on the size of the codebase. All that open-source projects have to do is take advantage of this mutually-beneficial arrangement. There's no reason not to!