Coverity Scan Open Source Report 2008英文电子书.pdf

OPEN SOURCE REPORT 2008 Acknowledgements On behalf of the Scan site and Coverity, we would like to acknowledge the following organizations for their contribution to this report. It is our intention that developers, both open source and commercial, will benefit from the findings in this report, which is possible thanks to the following: Open Source Developers – Around the world, open source developers have invested their time and energy to utilize results from the Scan site to improve the quality and security of their code. It has been a pleasure to work with fellow developers who are so passionate about their work. We thank you for your time, your feedback, and your trust in our organization. Moreover, we applaud your drive and success at building better software. A special word of thanks goes to the developers/projects that assisted with the creation of this report, or have provided valuable input and feedback on the Scan project, including: The Samba Team, The FreeBSD Project, der Mouse, Mark Arsenault, and the developers from ntp, Linux, Perl, Python, and PHP. U.S. Department of Homeland Security – We extend our gratitude to the U.S. Department of Homeland Security for their continued support of the Scan site. In particular, we thank the members of the DHS responsible for the success of the U.S. Government’s Open Source Hardening Project. 1 Executive Summary The Scan site () is sponsored by Coverity™ with support from the U.S. Department of Homeland Security. This report presents historical trend data collected by Scan researchers over the past two years. Findings are based on analysis of over 55 million lines of code on a recurring basis from more than 250 open source projects, representing 14,238 individual project analysis runs for a total of nearly 10 billion lines of co