Security News > 2006 > August > A Coverity Eye on Firefox Code
http://www.internetnews.com/dev-news/article.php/3625496 By Sean Michael Kerner August 9, 2006 Mozilla has long relied on its community to help it identify bugs within applications. Now it has another ally in the fight against bugs. Internetnews.com has learned that Mozilla will announce that it is using Coverity's source code analysis software, which extends beyond the confines of Coverity's Department of Homeland Security grant to improve open source software code quality. Firefox is one of over 50 open source projects being analyzed as part of the DHS-sponsored study. the DHS sponsored study results. According to a release obtained by internetnews.com, Mozilla has deployed Coverity's source code analysis software in the development process of the Firefox Web browser. The hope is that with Coverity analysis in hand, Firefox developers can find flaws before software is released. "Firefox is the first open source project to put Coverity's software directly in the hands of its developers, allowing them to run customized analyses at will and ensure the quality of their codebase as it evolves," Coverity said in a statement. Coverity is hardly a stranger to the open source world. The firm's source code analysis has been used by Linux kernel developers and MySQL. As of this morning at 10:00 a.m. EST, the publicly available Coverity scan results page reports that since March 6, 2006, Firefox has fixed 327 defects. Mozilla is currently in the throes of developing its next major browser release, Firefox 2.0, which is currently at its Beta 1 release. The Beta 2 release was originally expected to appear on Aug. 8 but is now set for release on Aug. 15. Coverity-discovered bugs do not appear to be the main cause for the Beta 2 delay. According to the Mozilla meeting notes from Aug. 23, the visual refresh for Firefox that will appear in Beta 2 is responsible for 30 percent of the Firefox 2 blockers, with half related to code and the other half related to graphics issues. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org