Commit
Comment: Added report for October 2023.
Signed-off-by: OpenRefactory, Inc <[email protected]>
1 parent
662e815
commit f67c24c
Showing 2 changed files with 53 additions and 0 deletions.
@@ -0,0 +1,52 @@ | ||
# OpenRefactory Update: October 2023 | ||
|
||
## Scan Results | ||
Link to results: https://docs.google.com/spreadsheets/d/1K8dc6SrSEoqqh46cFisZM1tiN4CigaXsqkCKfCM8UTs/edit#gid=228743971 | ||
|
||
In the month of October, the engineers at OpenRefactory focused on Python, Java, and Go projects. We first show the work done during October. This is followed by the cumulative results. Finally we show language specific breakdown of the cumulative results. | ||
|
||
### October | ||
| Month | Oct 2023 | | ||
|--------------------------------------|----------| | ||
| Projects analyzed | 351 | | ||
| Projects with no bugs | 320 | | ||
| Total bugs filed | 38 | | ||
| Security/Reliability bugs filed | 20 | | ||
| Bugs with a fix suggestion | 30 | | ||
| Bugs with a PoC exploit | 5 | | ||
| Fixes merged by maintainers | 16 | | ||
| Security/Reliablity fixes mergeed | 8 | | ||
| Fixes ignored by maintainers | 0 | | ||
| Reports still open | 4 | | ||
|
||
|
||
### Cumulative Data | ||
| Month | Aug 2023 | Sep 2023 | Oct 2023 | | ||
|--------------------------------------|--------------|--------------|----------| | ||
| Projects analyzed | 132 | 458 | 809 | | ||
| Projects with no bugs | 98 | 398 | 718 | | ||
| Total bugs filed | 33 | 75 | 113 | | ||
| Security/Reliability bugs filed | 12 | 23 | 43 | | ||
| Bugs with a fix suggestion | 26 | 64 | 94 | | ||
| Bugs with a PoC exploit | 6 | 13 | 18 | | ||
| Fixes merged by maintainers | 15 (45%) | 38 (51%) | 54 (48%) | | ||
| Security/Reliability fixes merged | Not measured | Not measured | 13 (30%) | | ||
| Fixes ignored by maintainers | Not measured | 8 (11%) | 7 (6%) | | ||
| Reports still open | Not measured | 29 (39%) | 33 (29%) | | ||
|
||
|
||
### Language Specific Data | ||
| Language | Python | Java | Go | TOTAL | | ||
| ---------------------------------------------- | ------ | ---- | -- | ----- | | ||
| \# of total projects analyzed | 694 | 79 | 36 | 809 | | ||
| \# of total zerofix projects | 622 | 67 | 29 | 718 | | ||
| \# of total bugs filed | 92 | 13 | 8 | 113 | | ||
| \# of total security/reliablity bugs filed | 32 | 7 | 4 | 43 | | ||
| \# of total bugs with fix suggestion | 83 | 6 | 5 | 94 | | ||
| \# of total POC exploit | 14 | 4 | 0 | 18 | | ||
| \# of total merged fixes | 47 | 3 | 4 | 54 | | ||
| \# of total merged security/reliability fixes | 9 | 2 | 2 | 13 | | ||
| \# of total ignored/rejected fixes | 6 | 1 | 0 | 7 | | ||
| \# of total open fixes | 30 | 2 | 1 | 33 | | ||
|
||
In October, 20 new security and reliability bugs were filed, including various injection issues, weak cryptography issues, unsafe library calls (mktemp) related issues, file permission issues, data races and null pointer dereferences. |
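Review bot: In the Cumulative Data table, "Fixes ignored by maintainers" falls from 8 (11%) in Sep 2023 to 7 (6%) in Oct 2023, yet the October table reports 0 fixes ignored that month; every other Oct 2023 cumulative figure equals the Sep 2023 figure plus the October count (e.g. 458 + 351 = 809 projects, 75 + 38 = 113 bugs), so either one of the ignored-fix numbers is wrong or a previously ignored fix was reclassified (merged later, for instance), and the report should state which. Two row labels are also misspelled: `| Security/Reliablity fixes mergeed | 8 |` should read `Security/Reliability fixes merged`, and `\# of total security/reliablity bugs filed` should read `security/reliability`, matching the spelling used in the cumulative table.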