On Tue, Dec 11, 2012 at 8:30 PM, Gary Grebus <[email protected]> wrote:
> Hi,
>
> I recently started building OpenSSL 1.0.1c in one of our source pools
> that is scanned with Coverity, and was surprised at the large number of
> issues that were reported. There was a significant increase even from
> an earlier version we were using.
>
> What is the status of OpenSSL with regard to Coverity coverage? Are
> there a large number of known false positives? Is there any regular
> activity to identify and fix real defects?

Coverity used to, and perhaps still do, run scans of OpenSSL, which we had (have?) access to. I used to look at them and fix relevant ones, but got irritated with the false positive level in the end. If Coverity were interested in fixing their bugs, I might get interested in looking at their reports again.

> Thanks,
> Gary
> ---
> Gary Grebus
> Dell Inc. / EqualLogic Storage
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [email protected]
> Automated List Manager [email protected]
