[SC-L] Open Source Code Contains Security Holes -- Open Source -- InformationWeek
SC-L,
I imagine many of you have seen the results of Coverity's DHS-funded scan of a
*bunch* of open source projects:
http://www.informationweek.com/story/showArticle.jhtml?articleID=205600229cid=RSSfeed_IWK_All
Another question is how many of the reported bugs wound up being false
positives. Through casual conversations with some vendor (I forget whom),
it became clear that the massive number of reported issues was very
time-consuming to deal with, and not always productive. Of course this is
no