Coverity found 88 "high-risk" defects in the Android kernel used in HTC's Droid Incredible smartphone.
App testing firm Coverity uncovered 88 high-risk defects in the source
code for the Android kernel used in HTC's
The data was collected for the "2010 Coverity Scan Open Source
Integrity Report." Although Coverity refrained from revealing
the specific defects, the company counts issues such as memory corruption,
illegal memory accesses and resource leaks, which can potentially lead to
security vulnerabilities or system crashes, as high risk.
Coverity said it has notified HTC of the
issues. In all, the firm found 359 defects in the Android kernel used in HTC
Droid Incredible. The good news is that the Android kernel has a defect density
of 0.47 defects
per 1,000 lines of code, which is better than the industry average of one
defect per 1,000 lines of code.
"The defects we found were in the Android kernel as configured for the HTC
Droid Incredible, but there are many more vendors than Google and HTC
that contributed code into the kernel," said Coverity co-founder Andy
Chou. "There is a complex supply chain for all modern software, and
smartphone software is a good example of this complexity. The Android
kernel code is derived from the Linux kernel, which has thousands of
contributors from the open-source community and commercial companies."
In addition to the issues affecting HTC
Droid Incredible, the report includes analysis of more than 60 million lines of
code from 291 of the most widely used open-source projects, including Firefox
and Apache. A total of 15,278 defects were found, according to the report.
"We are hoping that this report will shed some light on this issue and
show that ultimately, for consumers, defects are defects, no matter where the
code comes from," Chou said.
Editor's Note: A previous version of the story incorrectly reported the
defect density of the analyzed Android kernel.