[offtopic] Coverity . . .

Kuba Ober kuba at mareimbrium.org
Wed Apr 19 19:18:36 BST 2006


> I wouldn't worry about how Coverity decides to market and expose their
> product, unless it affects KDE.
>
> That's how I see it.

Sure. I just think that while what they are doing with analysis and all might 
be perceived as a "mostly good thing", there's a little spin to it. Just wanted 
to keep it in a fair perspective.

BTW, it does affect KDE since they indirectly use KDE as their marketing tool 
(see e.g. scan.coverity.com). The mentioned page is a page of "pure facts", 
sure, but just like media use facts to spin things their way, so do most 
other marketing campaigns. Coverity is no exception here.

Heck, they actually end up posting security holes as their news releases (say 
the X.org privilege escalation hole). One could bet that in a few months KDE 
might end up in one of their PR releases. Those are pure marketing devices, 
no one would bother with them otherwise.

Besides, they are not even doing it for free. There's a contract with DHS 
involved, so one supposes they got decently paid for their efforts.

So what this all boils down to is that not only do OSS projects like KDE end up 
being indirectly used by Coverity as marketing devices, but Coverity also got *paid* 
for all that. I'm leaving aside the question of why DHS (thus U.S. taxpayers) 
are in effect paying for Coverity's marketing.

If someone still insists this doesn't affect KDE, then I don't know what does. 
The next step would be MS re-posting Coverity's PR to give a positive spin on 
the "security" of Windows . . .

Is there a better KDE mailing list to move this thread to?

Cheers, Kuba




More information about the kde-core-devel mailing list