The US Department of Homeland Security has sponsored a three year $1.24 million "Open Source Hardening Project.
This is a project launched to hunt for security bugs in open-source software, to review the code of 180 open source software projects used by developers of government websites and application developers.
The research was conducted by Stanford University, Coverity and Symantec. The results were shocking. All the examined software had a lot of security flaws. Since 2006 about 7,826 open source flaws in 250 projects were fixed.
On Wednesday Coverity started the second stage of the bug-cleansing process on 11 open source projects, called Rung 2. The 11 projects are Amanda, NTP, OpenPAM, OpenVPN, Overdose, Perl, PHP, Postfix, Python, Samba, and TCL. Other popular software under examination are Apache, the Linux kernel and Firefox.
Rung 2 means an updated version of Coverity’s scanner product, which will allow to identify still more flaws. The scanning service will be upgraded from version 2.4 to version 3.6 of Coverity's Prevent bug-scanning product. The latest version is 3.8.