MozillaZine

Mozilla Using Coverity to Scan Mozilla Source Code for Defects

Sunday August 13th, 2006

According to CNET News.com, Monday will see the Mozilla Foundation and Coverity jointly announce that Coverity tools are being used to scan Mozilla source code for defects. The report quotes Coverity chief technology officer Ben Chelf, who says that the Mozilla Foundation licensed Coverity Prevent, an application that analyses software code for bugs, early last year. The deal was not announced at the time because the Mozilla Foundation wanted to ensure the Coverity product actually got results before going public. Although no official announcement has been made yet, the Mozilla Foundation has not attempted to hide its use of Coverity. Brendan Eich first discussed using Coverity to scan Mozilla source code in January 2005 and indicated that the Mozilla Foundation had made contact with the vendor in the fourth quarter of 2004. Coverity has been mentioned in hundreds of Bugzilla bug reports and a Bugzilla keyword has existed to tag bugs found with the company's tools since last year. Henrik Gemal wrote a weblog post about Mozilla's use of Coverity in May this year. In January, the US Department of Homeland Security gave Coverity, Stanford University and Symantec $1.24 million to search for security bugs in dozens of open-source software projects, including Mozilla Firefox and Mozilla Thunderbird (News.com's report on the DHS open source security initiative has more details about the three-year programme). According to scan.coverity.com, 298 Firefox security bugs have been discovered and fixed as a result of the project since March 6th. It is not immediately clear how the Mozilla Foundation's own use of Coverity relates to the DHS initiative.


#1 Coverity good.

by PeteTehDuck

Monday August 21st, 2006 9:37 AM

Reply to this message

The more eyes the better

#2 Not immediately clear...

by mlefevre

Monday August 21st, 2006 10:07 AM

Reply to this message

"It is not immediately clear how the Mozilla Foundation's own use of Coverity relates to the DHS initiative."

Don't suppose there any chance of someone at Mozilla clarifying if there is any connection between the two, or if the DHS is just doing their own thing independently?

#3 No

by thelem

Friday September 1st, 2006 6:43 PM

Reply to this message

Firefox is the replacement for the browser part of Mozilla Thunderbird is the replacement for the email part, and Sunbird for the calendar.

See <http://www.mozilla.com>

#4 resource

by leejas

Wednesday December 10th, 2008 8:41 AM

Reply to this message