While at OSCON, I had the opportunity to meet and chat with David Maxwell, who is in charge of Coverity's open source offerring. We chatted about some of the previous results from our Coverity scans. I explained to him that we hadn't been using it much, and that we needed to probably do an updated scan soon. In short, this email is both a notification, and request for information from the developers. The notification part is that I plan to setup my Coverity scan environment again, and run an entire "alpha" image build through it. I will get this published ASAP. FWIW, we are still using the "old" version of their software. I was told by David that for projects on "Rung 1" who have many issues left, they usually leave them on the old software because the newer versions of their software reports tremendously more issues and will usually overwhelm the developers (his words, not mine). Given that our initial scan found some ~1400 potential issues, I believe it. So, this means we'll need to go through all of the currently reported issues and either mark them as "FALSE" if they are a false-positive, "IGNORE" if we don't plan to fix them (for example, if they are in 3rd party libs that we don't care about), or whatever. Issues in prior runs that no longer exist should probably be marked as either "RESOLVED" or "IGNORE" i guess (if they were in code that has been rewritten/replaced, I suppose). If there's anything I can do to help this process, let me know. I would gladly start evaluating issues, changing their status, and assigning them if we can come up with some basic rules. Unfortunately I have less chance of identifying a true false-positive. Now, I also need to ask for a list of developers with commit access who wish to have a Coverity login to view results. I will need a username, full name, and email address for each individual who would like access. If you already have an account for our results, you don't need to respond :) For those who have forgotten, the link to our Coverity login is: http://scan.coverity.com:9065/ BTW, I was asked if the results helped and I told him that we were able to fix several subtle issues that increased the stability of various areas of Haiku, can anyone name a couple areas that benefited directly? I think there were some issues resolved in the VM, and the USB stack at least, but I don't remember offhand. One last request: David was wondering if any of the core developers were interested in a Q&A/Interview where he could ask some questions about the focus of quality and security for Haiku. Anyone interested? He asked me if I could do it, but I don't feel qualified. Thanks, let me know if there are any questions, Urias McCullough