improving quality 4 open source software
Date: 2006/11/18 15:19 By: erkan Status: User  
Here are two initiatives to improve software quality for open source software:

in USA:

Accelerating Open Source Quality

In collaboration with Stanford University, Coverity is establishing a new baseline for software quality and security in open source based on the analysis of over 30 of the most critical and widely used open source projects in the world. Under a contract with the Department of Homeland Security, we apply the latest innovation in automated defect detection to uncover some of the most critical types of bugs found in software.

We are making the results of our automated analysis available to the maintainers within the open source community. Additional projects will be added over time.

source: scan.coverity.com

The US Department of Homeland Security recently funded a three-year grant worth US$ 1.24 million to set up a daily auditing program for major open-source applications. A recent study by the Mitre Corp. found that there are more than 230 open-source software packages currently in use for critical operations within the federal government. The grant is called the “Vulnerability Discovery and Remediation Open Source Hardening Project,” and it is a part of an initiative by the Department of Homeland Security to perform daily security audits of approximately 40 open-source software applications, including Linux, Apache, MySQL, and Sendmail, that provide crucial services for the government and the private sector. The grant money will be shared by Stanford University of Palo Alto, Calif. (US$ 841,276), Coverity of San Francisco (US$ 297,000), a maker of static software analysis tools, and software security vendor, Symantec of Santa Monica, Calif. (US$ 100,000). One of the goals of the study is to improve techniques for automatically checking for security problems, so that vulnerabilities will be exposed and repaired before the software is released. The security study will apparently use Coverity’s source code analysis technology to target security and other programming defects in widely used open-source applications. Symantec will provide direction for where to investigate security flaws in the applications that will be tested in the study. Stanford University will provide project management and maintain a publicly available database that describes the uncovered bugs and defects. So far there has been criticism of the lack of funding going directly to open-source developers and questions about why the code analysis tools are not directly available to the developers themselves.

source: www.linux-magazine.com, Issue 65, April 2006, page 10, www.linux-magazine.com/issue/65/Business_News.pdf

Here is some info between Coverity and Linux developers from March 2006: kerneltrap.org/node/6299

in EU:

The European Union has granted funding to a consortium of open source groups, consultants and research bodies to measure the quality of open source software.
The Software Quality Observatory for Open Source Software (SQO-OSS) has been given € 3.2 million to build tools that will enable software companies and open source projects to benchmark the quality of their source code and prove its suitability for enterprise deployment.
The project's backers are aiming to address one of the perceived barriers to entry in the adoption of open source software: proof that software which is free and publishes its source code can out-perform expensive, brand-marketed software.
Among the aims of the initiative is the development of a plug-in based quality assessment platform, featuring a web and an IDE front-end.
It will also attempt to develop a set of software metrics that will take into account quality indicators from data in an open source project's repository.
Additional objectives include the publication of a league of open source software applications categorised by quality. All code generated by the initiative will be released under the BSD licence.
Led by the Athens University of Economics and Business, consortium participants include Sirius Corporation, KDE e.V. and ProSyst in Germany, KDAB in Sweden and the Aristotle University of Thessaloniki in Greece.
Professor Diomidis Spinellis, project lead, said: "An industry matures when its products become standardised commodities.
"Through the objective evaluation of open source projects, the Software Quality Observatory will provide many smaller and lesser known projects with the visibility and respectability they deserve."

source: www.sqo-oss.eu/news/coverage/eu-invests-20ac3-2m-to-boost-open-source
author: Robert Jaques, www.vnunet.com, 19 Oct 2006, www.vnunet.com/vnunet/news/2166771/eu-stumps-boost-open-source

Post edited by: erkan, at: 2006/11/18 16:05

Re:improving quality 4 open source software
Date: 2006/12/02 19:32 By: erkan Status: User  
Also other vendors analyze open source code:

June 28, 2006
Static code analysis of Amanda, Samba, and XMMS
www.g2zero.com/2006/06/amanda_samba_and_xmss_defect_a_1.html
© 2012 www.skilledtesting.com Erkan YILMAZ