Tor anonymous network now has zero known bugs
The developers of Tor the internet anonymisation system, have announced that thanks to a Coverity analysis, they have removed a number of bugs and vulnerabilities. Coverity perform source code analysis of C, C++ and Java and in September 2008, found 171 problems in the Tor code base. By December 2008, the Tor developers had got the count down to 15 issues, and have now managed to reduce the bug count to 0. In announcing that they were Down to 0 issues on Coverity Scan, the developers said that using Coverity's free of charge programme for scanning open source software for vulnerabilities had identified many issues which were "just sloppiness in our unit tests' error handling", but that number of the discovered issues were real bugs. This included some which could have caused crashing issues and that usually would have been hard to debug.
Coverity received funding from the US Department of Homeland Security in 2006 as part of a three year project to analyse open source software for vulnerabilities, though at the time the focus was on Linux, the Apache web server, the Bind DNS server and Firefox. Tor itself is designed to protect users from traffic analysis by bouncing communications around a distributed network of relays. The software is designed to provide internet anonymity to journalists, bloggers, human rights workers and others who need it, to protect their physical freedom and safety.