[Python-Dev] Coverity Open Source Defect Scan of Python

2006-03-06 Thread Ben Chelf
Hello Python Developers,

   I'm the CTO of Coverity, Inc., a company that does static source code 
analysis to look for defects in code. You may have heard of us or of our 
technology from its days at Stanford (the "Stanford Checker"). The 
reason I'm writing is because we have set up a framework internally to 
continually scan open source projects and provide the results of our 
analysis back to the developers of those projects. Python is one of the 
32 projects currently scanned at:

http://scan.coverity.com

   My belief is that we (Coverity) must reach out to the developers of 
these packages (you) in order to make progress in actually fixing the 
defects that we happen to find, so this is my first step in that 
mission. Of course, I think Coverity technology is great, but I want to 
hear what you think and that's why I worked with folks at Coverity to 
put this infrastructure in place. The process is simple -- it checks out 
your code each night from your repository and scans it so you can always 
see the latest results.

   Right now, we're guarding access to the actual defects that we report 
for a couple of reasons: (1) We think that you, as developers of Python, 
should have the chance to look at the defects we find to patch them 
before random other folks get to see what we found and (2) From a 
support perspective, we want to make sure that we have the appropriate 
time to engage with those who want to use the results to fix the code. 
Because of this second point, I'd ask that if you are interested in 
really digging into the results a bit further for your project, please 
have a couple of core maintainers (or group nominated individuals) reach 
out to me to request access. As this is a new process for us and still 
involves a small number of packages, I want to make sure that I 
personally can be involved with the activity that is generated from this 
effort.

   So I'm basically asking for people who want to play around with some 
cool new technology to help make source code better. If this interests 
you, please feel free to reach out to me directly. And of course, if 
there are other packages you care about that aren't currently on the 
list, I want to know about those too.

   If this is the wrong list, my sincerest apologies and please let me 
know where would be a more appropriate forum for this type of message.

Many thanks for reading this far...

-ben

  Ben Chelf
  Chief Technology Officer
  Coverity, Inc.
___
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


Re: [Python-Dev] Coverity Open Source Defect Scan of Python

2006-03-11 Thread Ben Chelf


> The Coverty marketing droids need to be a bit less anal about getting
> people to register at the website.  IMHO, the technology should be

Honestly, I laughed out loud when I read this. ;) So thanks for that.

> 
> I'd also encourage Coventry to explain their business model a bit more
> clearly.  Coventry seems to be supportive of open source projects.  
> Coverty also seems to be targeting big companies as customers.  It's not
> clear how arbitrary open source projects (and small companies and
> individuals) will be able to take advantage of Coventry's products and
> services.
> 

Here's my take on this -- in the last couple of years, I've personally 
been to hundreds of companies (some big, some small) in an effort to get 
our technology out there. Of course it's no surprise that I see open 
source projects everywhere -- as part of infrastructure or part of code 
bases that people are developing. So from a Coverity perspective, 
clearly we want to provide source code analysis for the projects that 
our customers care about (their own as well as open source).

Putting on my idealistic hat and remembering back to my grad school days, I 
think we're on to something very new in the world of source code 
analysis. I really just want every developer to use source code analysis 
while they write code (remember, idealistic :)). We got a lot of the 
good publicity in the research lab because there existed this big open 
source OS that we could test our theories on. So from that angle, I 
think it makes sense for Coverity to have a strong relationship with the 
open source community since that community has been helping us pretty 
much since day 1. This project is just the next step in that...it's 
certainly not the last.

There's plenty more to do to target every developer.

-ben