Mailinglist Archive: opensuse (1470 mails)

Re: [opensuse] Now what? Glibc bug, vulnerability
On Thu, Feb 18, 2016 at 10:58 AM, sdm <fastcpu@xxxxxxxxxxxxxxx> wrote:
> On 02/18/2016 07:48 AM, Ruben Safir wrote:
>> On 02/17/2016 03:52 PM, Greg Freemyer wrote:
>>> Coverity has been scanning the linux kernel and other open source
>>> projects for years and sending out warnings/patches when they find
>>> issues.
>>
>> and Coverity's warnings are mostly BS.

I'm curious. Coverity has been sending out linux kernel reports since
2006 (10 years). With each scan I believe they report both still
existing issues and newly identified issues.

Are you saying:

- Most of the still unfixed Coverity-identified issues are BS.

- Most of the newly identified issues are BS


> It sounds like marketing. "Hey look at what we found".."buy our product"!

Possibly, but Coverity Linux Kernel Scans were funded originally (in
2006) by US Homeland Security as a way to provide public knowledge
about the quality of open source projects such as the Linux kernel.

I can't say how good or bad Coverity is, but DHS's original goal was to
make open source projects more security risk aware. DHS only provided
funding for a few years. Since 2010 or so, Coverity has been doing it
for free, so it could be claimed they continue to provide the service
as a marketing effort.

Regardless, there are tons of patches that go into the linux kernel
each year just to address issues identified by the Coverity Scanner. I
assume that is because at least a portion of the newly identified
issues are real.

Greg