San Francisco, California – (via THE
HOSTING NEWS) – August 3, 2005 – Coverity, Inc., makers of the world’s most
advanced and scalable source code analysis solution, today announced results from
a new study on the security and quality of the Linux kernel.
Six months ago Coverity analyzed Linux kernel 2.6.9, the same version used in
Red Hat Enterprise Linux 4.0, and found six potentially critical defects in the
core filesystem and networking code. Today’s findings on the newest Linux kernel
2.6.12 show that all critical defects have been fixed.
Andrew Morton, Lead Kernel Maintainer of the 2.6 Linux Kernel, said, “Coverity
has worked with the kernel community to help identify a number of longstanding
correctness and security issues with the kernel. Version 2.6.12 of the Linux kernel
incorporates numerous fixes relative to version 2.6.9 which have resulted from
Coverity’s analysis. I appreciate the fact that Coverity is able to determine
that the kernel is free from several classes of error and that we have the means
to avoid such errors creeping into the kernel in the future.”
“Although the size of the Linux kernel increased over the six month study,
we noticed a significant decrease in the number of potentially serious defects
in the core Linux kernel,” said Seth Hallem, CEO of Coverity. “Although
contributors introduced new defects, these were primarily in non-critical device
Coverity’s study focused on the main Linux kernel. Vendors such as Red Hat and
Novell take the base Linux kernel, often making modifications to the software
before distribution. In the past, many IT system administrators have been reluctant
to apply the latest software patches because of concerns that the patches would
introduce new defects. Coverity’s study shows that although new defects were introduced
into the kernel, all the known potentially serious defects were fixed.
Approximately 6 million lines of software were analyzed in the study. Defect density
decreased slightly by 2.2 percent from 0.17 defects per thousand lines of code in
December of 2004 to 0.16 defects in July of 2005.
Summary findings of number of defects by type are immediately available to
the press and general public from Coverity. Technical details on specific defects
are available to active Linux kernel developers. A report with a more detailed
description of the analysis will be available at the end of August, 2005. For
further information please visit: http://www.coverity.com.