Accession Number : ADA504935


Title :   The Open Source Hardening Project


Descriptive Note : Final technical rept. Apr 2005-Jan 2009


Corporate Author : STANFORD UNIV CA DEPT OF COMPUTER SCIENCE


Personal Author(s) : Engler, Dawson ; Dill, David


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a504935.pdf


Report Date : Jul 2009


Pagination or Media Count : 60


Abstract : This effort has developed and deployed a broad range of tools for finding serious errors in code. They are designed to find large numbers of errors in large source bases quickly, and with few false reports. We validated these tools by suing them to find bugs in important open-source projects (e.g., Linux, BSD, and many other widely-used projects). As a crucial part of doing so, we built and roan an ongoing open source hardening project that automatically applied our tools to these projects as a nightly regression and published the bugs in a developer-available database of errors. The benefits of automated, regular regressions are fourfold. First, it gave an objective, highly-visible validation that our tools work well on real code. Second, it provided corrective guidance to development, forcing tools to focus on what matters. Third, it strengthened on our relationships with developers on these projects, leading to (among other things) valuable user feedback, checking ideas, and (from experience) customer leads. Finally, and in some ways most important, it led to immediate improvements in the vast open-source infrastructure that serves as a foundation to much of the Nation's computing environments.


Descriptors :   *ERRORS , *CODING , REGRESSION ANALYSIS , SOFTWARE TOOLS , USER NEEDS , INFRASTRUCTURE , VALIDATION , DATA BASES , FEEDBACK


Subject Categories : Computer Programming and Software


Distribution Statement : APPROVED FOR PUBLIC RELEASE