Ethereal: Re: [Ethereal-dev] Coverity Open Source Defect Scan of Ethereal

Ethereal-dev: March 2006

Subject: Re: [Ethereal-dev] Coverity Open Source Defect Scan of Ethereal
From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 06 Mar 2006 11:59:06 -0800

Andreas Sikkema wrote:

BTW, we have a lower defect rate than most of the projects on the list
including Apache, Firefox, FreeBSD, gcc, Gnome, Linux 2.6, OpenSSL,
Perl, and Python.  Of the projects > 1M lines of code, we have the
lowest defect rate by far.  Heh.
As mentioned on lwn.net http://lwn.net/Articles/174426/:
"On the other hand, ethereal shows a very low defect rate, which can be hard to square with the long list of security advisories from that project."

If we stopped issuing security advisories, we could make it easier to understand those results. :-)

I.e., as Gerald noted, that might be a disadvantage of being somewhat vigorous about finding problems with, for example, the fuzz testing.

References:
- RE: [Ethereal-dev] Coverity Open Source Defect Scan of Ethereal
  - From: Andreas Sikkema

Prev by Date: [Ethereal-dev] Update on packet-scsi
Next by Date: SV: [Ethereal-dev] Update on packet-scsi
Previous by thread: [Ethereal-dev] Re: Coverity Open Source Defect Scan of Ethereal
Next by thread: RE: [Ethereal-dev] Wrong decoding of PER Enumerated type with extension?
Index(es):
- Date
- Thread