Dr. Dobb's is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Channels ▼


Scanning Critical Security Defects In C# Open Source

The Coverity Scan Project Spotlight has analyzed the security defects detected by its open source software scanning service. In conjunction with the release of the report, the company has announced that it would also enhance its scan service to include a security advisor solution to the service so projects can now find critical Open Web Application Security Project (OWASP) Top 10 issues.

The service has also been expanded to include C# open source projects.

Recent high-profile vulnerabilities in open source code include Shellshock, the OpenSSL Heartbleed, and GoToFail vulnerabilities. This project identifies several common defects and exposures (CVEs) in open source code, and identifies that the GoToFail vulnerability could have been detected in this scan.

With this announcement, the company is arguing hard to tell us that it is enabling Java developers to find and fix security issues in their software code, including all of the OWASP Top 10 and other web application security issues.

The OWASP Top 10 presents the most critical threat to open source code. The scan in question here has been able to detect web application security defects in Java, the service has identified 688 OWASP Top 10 issues in 37 open source projects, including big data, network management, and blog server projects.

The following are the specific number of OWASP Top 10 issues found:

The firm's scan service has analyzed several hundreds of millions of lines of code from more than 1,500 open source projects — including C/C++ projects such as NetBSD, FreeBSD, LibreOffice and Linux, and Java projects such as Apache Hadoop, HBase, and Cassandra. The scan service has helped developers find and fix more than 94,000 defects since 2006. Nearly 50,000 defects were fixed in 2013 alone — the largest single number of defects fixed in a single year.

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.