
On Wed, Feb 4, 2009 at 11:23 AM, John Maddock <john@johnmaddock.co.uk> wrote:
I guess we would need a team of people willing to triage issues flagged up and then make contact with the appropriate library author: I'm guessing that while they cannot reveal the exact information provided by Coverity they could say "there appears to be a potential buffer overrun on line #, can you please look into it?".
I didn't see a limit on the number of project members you could sign up, so potentially all library authors could be members.
From here: http://scan.coverity.com/faq.html#who
"Who can have access? Access to the detailed analysis results is permitted only to members of scanned projects, partially in order to ensure that potential security issues may be resolved before the general public sees them. Our approach is that of Responsible Disclosure. We provide the analysis results to project developers only, and do not reveal details to the public until an issue has been fixed. A portion of the defects discovered by the Scan could reveal exploitable security vulnerabilities."

--Michael Fawcett