mysql| Data | Database CNET science and Information Network February 5 International Report according to software evaluation company Coverity Friday (January 4), through the open source database used by many websites--mysql's source code analysis, found that its vulnerabilities than other commercial database code loopholes.
According to Coverity's report, Coverity used its own research and development software tools for evaluation. There are only 97 vulnerabilities found in the MySQL database, and at least one vulnerability can cause serious security problems. According to Coverity company CEO Seth Hallem, these vulnerabilities are very small compared to the vulnerabilities of most commercial software codes.
Seth Hallem said: "In terms of the industry average, MySQL is excellent." ”
Source code analysis tools like the Coverity company have quickly become a prerequisite for software developers. Microsoft also uses its own tools to evaluate software, find bugs, and reduce security vulnerabilities. Other companies, such as ounce labs and reflective, sell their software analysis tools to large companies. Coverity's clients are Cisco and Oracle.
MySQL was developed by a Swedish company. According to Zack Urlocker, vice president of marketing at MySQL, the company contacted Coverity and asked them to help with the evaluation, and we have patched up the vulnerabilities found.
But the analysis software is not omnipotent. This kind of software can only effectively find that some kind of software always. In most cases, some defects may be overlooked, but may be discovered by external hackers or independent security agencies. Removing bugs is not the only use of profiling software. Many IT professionals use analytical software to compare the pros and cons of two types of code.
Hallem said that less than 100 bugs were found in MySQL, indicating that the open source database was better coded.
According to the Software Engineering Institute of Carnegie Mellon University (Carnegie University), the average number of 1-7 bugs per 1000 lines of code in commercial software is found. And Coverity's analysis shows that in the MySQL database, an average of 4000 lines of code found a bug.
Coverity previously evaluated the Linux kernel and found that there were 985 bugs in the most recent Linux kernel with 5.7 million lines of code, with less than 1 bugs in 10,000 lines of code.