A new study has found that Linux kernel vulnerabilities are becoming less frequent even as the amount of code grows.
In December, Coverity looked at version 2.6.9 of the Linux kernel, the heart of the open-source operating system, and found six critical defects in the core file system and networking code. In July, the code analysis company scanned the latest version of the Linux kernel, version 2.6.12, and found no such programming errors, Coverity CEO Seth Hallem said.
However, 1,008 defects were discovered in other parts of version 2.6.12. These coding problems, which could indicate security flaws, rest mainly in drivers, Hallem said. That's a slight increase compared with the earlier analysis, when 985 total defects were found, according to San Francisco-based Coverity.
"The bugs that we reported that were in critical pieces of the kernel were fixed," Hallem said. "At the same time, people still write buggy code. As new code gets introduced, there are new bugs."
As a result, the overall bug density--the number of bugs per thousand lines of code--only decreased from 0.17 defects to 0.16 defects, according to Coverity's scan.
http://www.linuxlinks.com/portal/news/article.php?story=20050805055000528