Ethereal-dev: Re: [Ethereal-dev] Coverity Open Source Defect Scan of Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 06 Mar 2006 11:59:06 -0800

Andreas Sikkema wrote:
BTW, we have a lower defect rate than most of the projects on the list
including Apache, Firefox, FreeBSD, gcc, Gnome, Linux 2.6, OpenSSL,
Perl, and Python.  Of the projects > 1M lines of code, we have the
lowest defect rate by far.  Heh.

As mentioned on lwn.net http://lwn.net/Articles/174426/:

"On the other hand, ethereal shows a very low defect rate, which can be hard to square with the long list of security advisories from that project."

If we stopped issuing security advisories, we could make it easier to understand those results. :-)

I.e., as Gerald noted, that might be a disadvantage of being somewhat vigorous about finding problems with, for example, the fuzz testing.