Finding Open Source Bugs Like Klocwork
A new study by code analysis firm Klocwork has discovered new flaws in open source programs that previous scans under a Department of Homeland Security-sponsored study had missed.
Apparently, the open source projects in question were notified by Klocwork of their results, but at least one open source vendor disputes the claim.
Klocwork, which this week released its Klocwork K7.1 automated defect and vulnerability source code scanner, ran its application against the Amanda 2.5, Samba 3.0.23, and XMMS 1.2.10 open source projects.
The scan apparently found hundreds of defects and vulnerabilities in the three projects it analyzed.
"Interestingly, our analysis was a follow-on to the use of another static analysis tool," Klocwork Product Marketing Manager Brendan Harrison wrote in an unpublished blog posting sent to internetnews.com.