Secure Coding mailing list archives

ZDNET: LAMP lights the way in open-source security


From: jeremy.epstein at webmethods.com (Jeremy Epstein)
Date: Tue, 7 Mar 2006 12:17:29 -0500

All of which proves that there are lies, damn lies, and statistics (the
statistic being the lower bug density, which ignores the most potentially
vulnerable parts of the system). 

-----Original Message-----
From: sc-l-bounces at securecoding.org 
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Gavin, Michael
Sent: Tuesday, March 07, 2006 11:49 AM
To: Kenneth R. van Wyk; Secure Coding Mailing List
Subject: RE: [SC-L] ZDNET: LAMP lights the way in open-source 
security 

The Coverity product (Coverity Prevent) is a static source 
code analysis tool for C and C++, see 
http://www.coverity.com/library/pdf/coverity_prevent.pdf.

It isn't actually scanning (or if it is, it isn't analyzing) 
any of the scripting code, as far as I can tell.

Michael

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth R. van Wyk
Sent: Tuesday, March 07, 2006 10:56 AM
To: Secure Coding Mailing List
Subject: [SC-L] ZDNET: LAMP lights the way in open-source security 

Interesting article out on ZDNet today:

http://www.zdnetasia.com/news/security/0,39044215,39315781,00.htm

The article refers to the US government sponsored study being 
done by Stanford University, Symantec, and Coverity.  It 
says, "The so-called LAMP stack of open-source software has a 
lower bug density--the number of bugs per thousand lines of 
code--than a baseline of 32 open-source projects analyzed, 
Coverity, a maker of code analysis tools, announced Monday."

This surprised me quite a bit, especially given LAMP's 
popular reliance on scripting languages PHP, Perl, and/or 
Python.  Still, the article doesn't discuss any of the root 
causes of the claimed security strengths in LAMP-based code.  
Perhaps it's because the scripting languages tend to make 
things less complex for the coders (as opposed to more 
complex higher level languages like Java and C#/.NET)?  Opinions?

Cheers,

Ken
--
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L at securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - 
http://www.securecoding.org/list/charter.php

