Open source contains many security holes

According to the US Department of Homeland Security, open source software tends to have one serious error per 1,000 lines of code, which allows hackers to exploit the system.

The statement came out of a project to assess the safety of open source software conducted by the US Department of Homeland Security. According to the assessment, popular open source projects such as Samba, the dynamic languages PHP, Perl and Tcl used for all websites today, and Amanda, an open source data backup and recovery program that runs on half of the world's servers today, have been found to contain dozens or hundreds of deadly security holes.

A total of 7,826 open source security flaws have been fixed by the department. On average, one flaw has been fixed every two hours since the start of this open source evaluation project.

According to Maxwell, Coverity's open source strategist, the Prevent Software Quality System, along with the US Department of Homeland Security, says projects like Samba will also fix the vulnerabilities themselves once they are discovered. There were 236 security flaws discovered in Samba, a small number relative to this application's 450,000 lines of code. Of the 236 errors, 228 security errors were fixed.

In March 2006, the US Department of Homeland Security awarded Coverity $300,000 to evaluate the code of 180 open source projects commonly used by government developers and web developers.

In addition to Samba, Linux also has a lower error rate than other open source projects. Version 2.6 of the Linux kernel has an error rate of 0.127 per 1,000 lines of code. This kernel has a total of 3,639,322 lines of code, and 462 errors were discovered. Of these, 413 were confirmed and corrected, and 48 were confirmed but not repaired.

Meanwhile, FreeBSD (sometimes considered a replacement for Linux) has the lowest repair level. Across a total of 1,582,166 lines of code, FreeBSD has not corrected a single error and has only confirmed 6 errors.

The Apache Web server has 135,916 lines of code, with an error rate of 0.14 bugs per 1,000 lines of code. Three errors were fixed; 7 errors were confirmed but not corrected; and 12 errors are still in the validation and repair process.

The PostgreSQL database system has 909,148 lines of code with an error rate of 0.041. 53 errors were corrected; no errors have been confirmed but left uncorrected; 37 errors are still being confirmed and corrected.

The GNU C Library has 83 bugs that have been fixed, and no errors remain unfixed. This library is used by many open source programmers when working with Linux. The GNU C Library (588,931 lines of code) is one of the few open source projects with an error level of almost zero.

Linux user interfaces were also included in the review. Specifically, the KDE interface contains 4,712,273 lines of code; 1,554 errors were detected; 25 errors were confirmed and 65 are unconfirmed. GNOME has 430,809 lines of code; 357 errors were corrected; 5 were confirmed and 214 are unconfirmed.

OpenVPN, an application that connects securely to the central office network, also has errors that were confirmed, across a total of 69,223 lines of code, but not fixed.

OpenSSL, the open source implementation of Secure Sockets Layer, fixed 24 errors, with 1 confirmed and 24 unconfirmed errors, in 221,194 lines of code.

Van Han