January 9th, 2008
Coverity work spun backward
Coverity is doing what we in the South call the Lord’s Work, checking major open source code for common problems, helping make things more secure.
I just wish headline writers would understand this is a good thing. It’s a good thing for open source.
“11 open source programs certified as secure.” That is Robert Vamosi’s headline over at News.Com. As if all the others are insecure? As if closed source programs are, by definition, secure?
That’s far from the most egregious headline. “Open Source Code Contains Security Holes.” That’s from “Information” Week. I put the term “Information” in quotes because that headline is deliberately misinformative.
As Coverity CEO Robert Rachwald Seth Hallem told me a year ago, Coverity isn’t doing this just out of the goodness of its heart, although its heart is big and its intentions honorable.
It’s doing this to win contracts for checking other software, proprietary software subject to the same flaws, but whose work won’t be publicized.
And it’s getting paid to do this work, by the U.S. Department of Homeland Security, which has an interest in having our Internet infrastructure protected against attack by evil-doers.
An ability to acknowledge flaws is a strength of open source, yet too many in the computer media are portraying it as a weakness.
Closed source code is just as buggy, just as flawed, as these open source projects were before Coverity started working with them.
Quite likely most of these programs still are, since I doubt Coverity has run every proprietary program in the world through its system. The difference is you aren’t being told, and the programs aren’t being fixed.
Maybe some in this business just want to cover politics.
Dana Blankenhorn has been a business journalist for 30 years, a tech freelancer since 1983.