13 Jul 2017
A company wanted to pitch its bug-finding code to Samsung, and what better way to show the value of a product than to run it on Samsung’s own software? Andrew Karpov of Program Verification Systems checked Samsung Tizen, the open-source Linux-based operating system powering a ton of Samsung products, including TVs, mobile phones, cameras, computers, and smart devices. What the company's software, PVS-Studio, found was downright scary.
PVS-Studio scanned only a little over 3% of Tizen’s code, and in that small sample it found about 900 bugs. Regular use of the code, it’s thought, will reveal anywhere from 27,000 to 250,000 bugs.
Bugs and coding errors do not, of course, automatically mean there are that many vulnerabilities. However, some of the bugs could be vulnerabilities that hackers could exploit. In the sample alone, PVS said they found over 50 errors, all but one of which are from third-party libraries Tizen makes use of.
Samsung responded to an open letter, saying that it uses its own tools and disagrees that there are that many coding errors in Tizen.
Tizen has had some trouble before. Dozens of zero-day vulnerabilities were found in the operating system just a few months ago.