Source: Heise Security
The developers of Tor the internet anonymisation system, have announced that thanks to a Coverity analysis, they have removed a number of bugs and vulnerabilities. Coverity perform source code analysis of C, C++ and Java and in September 2008, found 171 problems in the Tor code base. By December 2008, the Tor developers had got the count down to 15 issues, and have now managed to reduce the bug count to 0. In announcing that they were Down to 0 issues on Coverity Scan, the developers said that using Coverity’s free of charge programme for scanning open source software for vulnerabilities had identified many issues which were “just sloppiness in our unit tests’ error handling”, but that number of the discovered issues were real bugs. This included some which could have caused crashing issues and that usually would have been hard to debug.