DHS Program Helps Reduce Open Source Defects
Two years into the effort, new report sheds light on how effective your tax dollars have been at improving open source security.
Nearly two and a half years ago, the U.S. Department of Homeland Security (DHS) issued a multi-year grant to help improve open source code quality. It appears the DHS investment has paid off.
According to a report from code analysis vendor Coverity, the DHS-sponsored effort has helped to reduce "defect density" in 250 open source projects by 16 percent over the past two years. That defect reduction translates into the elimination of more than 8,500 defects.
The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure both in the government and in U.S. enterprises.
Coverity is a code analysis vendor and runs its scanning tools on the included open source projects to identify coding errors.
While many projects have benefited from running the DHS-sponsored Coverity scan, not all have actually managed to reduce their defects.
"There is a graph in the report that shows some projects have significant improvements and some that haven't been actively using the results from the scan actually have increased in defect density," Maxwell said.
The report graph that was provided to InternetNews.com doesn't fully reveal which projects did not improve. The report, however, did identify Perl, PHP, Python, Postfix, Samba and TCL among the projects that have been able to reduce their code defect densities by using data from the Coverity scans.