Accession Number:

ADA504935

Title:

The Open Source Hardening Project

Descriptive Note:

Final technical rept. Apr 2005-Jan 2009

Corporate Author:

STANFORD UNIV CA DEPT OF COMPUTER SCIENCE

Personal Author(s):

Report Date:

2009-07-01

Pagination or Media Count:

60.0

Abstract:

This effort has developed and deployed a broad range of tools for finding serious errors in code. They are designed to find large numbers of errors in large source bases quickly, and with few false reports. We validated these tools by suing them to find bugs in important open-source projects e.g., Linux, BSD, and many other widely-used projects. As a crucial part of doing so, we built and roan an ongoing open source hardening project that automatically applied our tools to these projects as a nightly regression and published the bugs in a developer-available database of errors. The benefits of automated, regular regressions are fourfold. First, it gave an objective, highly-visible validation that our tools work well on real code. Second, it provided corrective guidance to development, forcing tools to focus on what matters. Third, it strengthened on our relationships with developers on these projects, leading to among other things valuable user feedback, checking ideas, and from experience customer leads. Finally, and in some ways most important, it led to immediate improvements in the vast open-source infrastructure that serves as a foundation to much of the Nations computing environments.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE