---

Home Developer

Finding Linux Bugs Before they Become Exploits

By Andy Patrizio

“It’s not everyday that there is a public security exploit
published for the Linux kernel, yet that is what happened in early
July. Though the flaw itself was patched in the mainline Linux
kernel several weeks prior to the public exploit code being
published, not all users may have patched. It could have been a lot
worse.

“The issue of patching aside, the public exploit could easily
have been a zero day exploit on the Linux kernel itself, were it
not for the fact that the bug that enables the exploit was caught
by a scan from code scanning vendor Coverity. The Linux kernel has
been actively scanned by Coverity since at least 2004 in an effort
to find bugs and improve code quality.

“”Our builds were broken in February and March so we didn’t see
it immediately when the code was first committed,” David Maxwell,
open source strategist for Coverity told InternetNews.com “But
we’ve had it flagged in the system since March and it was fixed on
the fifth of July.”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.