Company claims Tizen contains thousands of programming errors

The maker of bug-detection software claims to have found programming errors in a small part of the code of Samsung’s Tizen 900. The company predicts that the final number of bugs in the software will be about 27,000.

The entire Tizen project of third-party libraries is 72.5 million lines of C and C++ code, so Andrey Karpov, founder of the company Program Verification Systems, decided to randomly pick several dozen projects to analyze with his product PVS-Studio . The bug-detection tool found 913 errors in 2,400,000 lines of code. Since he checked only 3.3 percent of the total, Karpov extrapolates to a total of about 27,000 bugs in code.

Karpov did not count the warnings from PVS studio, but actual errors that he believes should be fixed. Karpov classifies the bugs based on the Common Weakness Enumeration, but makes no statements about any vulnerabilities that could lead to abuse.

Karpov decided to take a closer look at Tizen after reading a report from Tizen Experts that Samsung is investing $10 million in using the Security Vulnerabilities and Critical Errors Detector from the Institute for System Programming of the Russian Academy of Sciences. Samsung hopes with this to remove the flaws from Tizen OS and to increase the quality and stability of the software. Karpov tried to sell PVS-Studio to Samsung, but it refused to use static analysis tools, stating that other tools can find other defects. The company denies that there may be 27,000 bugs in the code and claims that many reports concern minor issues.

Samsung hopes to use Tizen in more and more devices. It uses the software for smartwatches, TVs, refrigerators and air conditioners, but also wants to use the software for internet-of-things applications. It is not the first time that weaving errors in Tizen have been pointed out. In April, a security researcher called Tizen the “worst code I’ve ever seen.” He found 40 zero-day vulnerabilities in the operating system.