Code inspection puts Apache on par with commercial Web servers

Wednesday, 2 July 2003, 7:03 AM EST

The prevalent open-source version of the Apache Web server stacks up well with commercial Web servers in terms of the number of code defects, according to a study by Mountain View, Calif.-based automated software inspection service provider Reasoning Inc.

Reasoning recently inspected Apache V2.1, comparing it with commercial Web servers at a similar stage of development, and found 31 code defects in 58,944 lines of code, a defect density of 0.53 per thousand lines of code. Commercial Web servers have a defect density of 0.51 per thousand lines.

Using its homegrown proprietary automated inspection software and processes for Java, C and C++ applications, Reasoning inspected the Apache code for memory leaks, NULL pointer dereferences, bad deallocation, out-of-bounds array access and uninitialized variables. Reasoning found 29 instances of NULL pointer dereferences, where an expression dereferences a NULL pointer; the company also found two instances of uninitialized variables, where a variable was not initialized prior to use.
