Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Linux: Fewer Bugs Than Rivals

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Linux: Fewer Bugs Than Rivals
Date: Wed, 15 Dec 2004 02:26:20 -0600 (CST) 
http://www.wired.com/news/linux/0,1411,66022,00.html

By Michelle Delio
Dec. 14, 2004 

Linux advocates have long insisted that open-source development
results in better and more secure software. Now they have statistics
to back up their claims.

According to a four-year analysis of the 5.7 million lines of Linux
source code conducted by five Stanford University computer science
researchers, the Linux kernel programming code is better and more
secure than the programming code of most proprietary software.

The report, set to be released on Tuesday, states that the 2.6 Linux
production kernel, shipped with software from Red Hat, Novell and
other major Linux software vendors, contains 985 bugs in 5.7 million
lines of code, well below the industry average for commercial
enterprise software. Windows XP, by comparison, contains about 40
million lines of code, with new bugs found on a frequent basis.

Commercial software typically has 20 to 30 bugs for every 1,000 lines
of code, according to Carnegie Mellon University's CyLab Sustainable
Computing Consortium. This would be equivalent to 114,000 to 171,000
bugs in 5.7 million lines of code.

The study identified 0.17 bugs per 1,000 lines of code in the Linux
kernel. Of the 985 bugs identified, 627 were in critical parts of the
kernel. Another 569 could cause a system crash, 100 were security
holes, and 33 of the bugs could result in less-than-optimal system
performance.

Seth Hallem, CEO of Coverity, a provider of source-code analysis,
noted that the majority of the bugs documented in the study have
already been fixed by members of the open-source development
community.

"Our findings show that Linux contains an extremely low defect rate
and is evidence of the strong security of Linux," said Hallem. "Many
security holes in software are the result of software bugs that can be
eliminated with good programming processes."

The Linux source-code analysis project started in 2000 at the Stanford
University Computer Science Research Center as part of a large
research initiative to improve core software engineering processes in
the software industry.

The initiative now continues at Coverity, a software engineering
startup that now employs the five researchers who conducted the study.  
Coverity said it intends to start providing Linux bug analysis reports
on a regular basis and will make a summary of the results freely
available to the Linux development community.

"This is a benefit to the Linux development community, and we
appreciate Coverity's efforts to help us improve the security and
stability of Linux," said Andrew Morton, lead Linux kernel maintainer.  
Morton said developers have already addressed the top-priority bugs
uncovered in the study.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Linux: Fewer Bugs Than Rivals, InfoSec News <=
Previous by Date:  [ISN] Microsoft Plugs Code Execution Holes on Patch Day, InfoSec News
Next by Date:  [ISN] Air Force seeks cyberwar edge, InfoSec News
Previous by Thread:  [ISN] Microsoft Plugs Code Execution Holes on Patch Day, InfoSec News
Next by Thread:  [ISN] Air Force seeks cyberwar edge, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]