How to Improve Quality and Security Automatically in Your Open Source Projects with Static Analysis

Programming, Tutorial
Location: D139/140 Level: Intermediate
Average rating: 3.80 (5 ratings)

Sponsored by the U.S. Department of Homeland Security to improve the quality and security of open source code, the Scan site has helped open source developers find and fix over 7,500 defects in the past two years. In this session, representatives from the Scan site will demonstrate how developers can use static source code analysis at the site on their open source projects to help discover critical security and quality defects.

David Maxwell, operator of the Scan site, a developer in the NetBSD project, and open source strategist at Coverity, will host this tutorial to demonstrate how the Scan site works. Participants will learn:

• How to use the tools on the open source Scan site
• How to run builds of their projects and submit their projects for analysis
• How to use the results of the analysis to identify and eliminate quality and security defects in their code

Attendees will also receive the software needed to build their codebase and submit those builds for analysis and inclusion on the Scan web site.

David Maxwell

Coverity, Inc.

David is Coverity’s Open Source Strategist. He is responsible for Scan and other open source efforts for Coverity.

David was first exposed to the Prevent analysis results before the Scan project was launched. Results had been made available to The FreeBSD Project, and led to many defects being fixed in FreeBSD. David is a developer in The NetBSD Project. On behalf of NetBSD, David contacted Coverity to request an analysis of the NetBSD sources.

After the tremendous tangible benefit to open source projects from Scan’s first year, Coverity decided to hire someone from the open source community to manage the further expansion of the Scan project. David is that representative, and is looking forward to providing results to many more open source projects.

OSCON 2008