Code inspection puts Apache on par with commercial Web servers
The prevalent open-source version of the Apache Web server stacks up well with commercial Web servers in terms of the number of code defects, according to a study by Mountain View, Calif.-based automated software inspection service provider Reasoning Inc.
Reasoning recently inspected Apache V2.1 and compared it with other commercial Web servers that were at a similar stage of their development and found 31 code defects in 58,944 lines of code for a defect density of 0.53 per thousand lines of code. Commercial Web servers have a defect density of 0.51 per thousand lines.
Using its homegrown proprietary automated inspection software and processes for Java and C and C++ applications, Reasoning inspected the Apache code looking for memory leaks, NULL point dereference defects, bad deallocation, out-of-bounds array access and uninitialized variables. Reasoning found 29 instances of NULL point dereferences where expressions dereference a NULL pointer; the company also found two instances of uninitialized variables where a variable was not initialized prior to use.
[ Read more ]
- Review: Apache Server 2.0: The Complete Reference (2 May 2003)
- Article: Interview with Scott Hawkins, author or "Essential Apache for Web Professionals" (15 April 2003)
- Review: Essential Apache for Web Professionals (3 April 2003)
- Review: Apache Administrator's Handbook (16 January 2003)
- Article: Apache Chunk Handling Roundup (18 June 2002)
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.