Code inspection puts Apache on par with commercial Web servers

Wednesday, 2 July 2003, 7:03 AM EST

The prevalent open-source version of the Apache Web server stacks up well with commercial Web servers in terms of the number of code defects, according to a study by Mountain View, Calif.-based automated software inspection service provider Reasoning Inc.

Reasoning recently inspected Apache V2.1 and found 31 code defects in 58,944 lines of code, for a defect density of 0.53 per thousand lines of code. The company compared that result with commercial Web servers at a similar stage of their development, which have a defect density of 0.51 per thousand lines.

Using its homegrown proprietary automated inspection software and processes for Java, C and C++ applications, Reasoning inspected the Apache code for memory leaks, NULL pointer dereferences, bad deallocation, out-of-bounds array access and uninitialized variables. Reasoning found 29 instances of NULL pointer dereference, where an expression dereferences a NULL pointer; the company also found two instances of uninitialized variables, where a variable was not initialized prior to use.

Copyright 1998-2014 by Help Net Security.