Wednesday, October 15, 2014

Coverity releases security spotlight report on critical security defects in open source projects

MOUNTAIN VIEW, USA: Coverity Inc. announced the release of its latest Coverity Scan Project Spotlight, which analyzed the security defects detected by its open source software scanning service.

In conjunction with the release of the report, Coverity also announced that it would enhance the Coverity Scan service by including the Coverity® Security Advisor solution to the service so projects can now find critical Open Web Application Security Project (OWASP) Top 10 issues. The service has also been expanded to now include C# open source projects.

Recent high-profile vulnerabilities in open source code, including Shellshock, the OpenSSL Heartbleed and GoToFail vulnerabilities, have highlighted the importance of code quality and security for organizations. The Coverity Scan Security Spotlight identifies several common defects and exposures (CVEs) in open source code, and identifies that the GoToFail vulnerability could have been detected in Scan.

Since the inception of the Coverity Scan service in 2006, Coverity has enabled open source projects to find and fix critical security issues, including buffer overflows, integer overflows, and format string errors in C/C++ code. With today's announcement, the company is now enabling Java developers to find and fix security issues in their software code, including all of the OWASP Top 10 and other web application security issues.

The OWASP Top 10 presents the most critical threat to open source code. In the short time since Coverity Scan has been able to detect web application security defects in Java, the service has identified 688 OWASP Top 10 issues in 37 open source projects, including big data, network management, and blog server projects.  The following are the specific number of OWASP Top 10 issues found:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.