Linux c++ programming
Linux kernel software quality and security better than most proprietary enterprise software
Coverity, a software engineering company focused on developing a better way to build software, recently announced results on Linux security compiled over four years of source code analysis of the Linux kernel. Coverity discovered 985 bugs in 5.7 million lines of code in the recent 2.6 Linux production kernel now shipping in operating system products from Novell and other major Linux software companies.
The former director of cybersecurity for the U.S. Department of Homeland Security, Amit Yoran, this month told a Washington, D.C. conference on Homeland Security and Information Assurance that automatic code debuggers are required to make software secure.
As commercial software is developed, it typically contains 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium.
The Linux source code analysis project started in 2000 at the Stanford University Computer Science Research Center as part of a massive research initiative to improve core software engineering processes in the software industry. The initiative continues on at Coverity, a commercial software company started by five of the lead Stanford researchers. Coverity customers include the top vendors in networking, electronic design automation and storage, among others.
As a public service, Coverity will start providing bug analysis reports on a regular basis and make a summary of the results freely available to the Linux development community.
"This is a benefit to the Linux development community and we appreciate Coverity's efforts to help us improve the security and stability of Linux," said Andrew Morton, lead Linux kernel maintainer. "We've already addressed the top priority bugs that Coverity has uncovered. It's a very useful system for high quality code."
"Key Linux developers can now use the same tools that many of the world's largest commercial IT vendors have integrated into their software development process," said Seth Hallem, CEO of Coverity. "Our findings show that Linux contains 0.17 bugs per thousand lines of code, which is an extremely low defect rate and is evidence of the strong security of Linux. Many security holes in software are the result of software bugs that can be eliminated with good programming processes."
A summary of the bugs is available at http://linuxbugs.coverity.com.
Active members of the Linux kernel development community can obtain detailed bug reports by contacting Coverity.
SWAT's core technology runs on a wide variety of hardware and software platforms used by C and C++ developers. It is unique amongst source code analysis solutions in both its precision and scalability. Unlike many competing technologies, SWAT simulates the effects that the operations in the source code might have in the runtime environment, rather than searching the source code for known, dangerous coding patterns or potentially sloppy coding constructs. The result is that the defects detected by SWAT's analysis platform are potentially disastrous runtime errors that must be fixed in the source code. In addition, SWAT is designed to integrate easily into existing software development practices without any changes to existing build systems or existing development tools.
COPYRIGHT 2004 Millin Publishing, Inc.
COPYRIGHT 2005 Gale Group