[openssl-users] Coverity Scan projects for OpenSSL?

Jeffrey Walton noloader at gmail.com
Fri Sep 30 18:23:10 UTC 2016


> openssl/openssl is for current maser.
> OpenSSL_release is for 1.0.2
>
> Note1: we might review that now that 1.1.0 has been released.
>
> Note2: we recently changed our policy on Coverity access. Previously we
> did not typically allow access to the defect reports. Now we allow
> Defect viewer access to anyone that requests it.

These numbers are outstanding.

    Defect Density - 0.02
    Outstanding Defects - 4

Why aren't you announcing them?

You might also consider providing an announcement when new results are
available at a significant point in time for those interested in this
sort of thing. "Significant point in time" might be after a major
merge or passing through the release process security gate.

The announcement also raises awareness for the folks who are not
following the project on Coverity Scan. Ideally, your announcement
would be picked up by users of OpenSSL. They would register their
projects and start raising the bar in their software, too.

Jeff


More information about the openssl-users mailing list