Any conviction that open source software (OSS) is somehow inferior to proprietary code, or vice versa, depending on which side of the development fence you sit, is being dispelled by a report from Coverity.
The company has been scanning millions of lines of open source code for its 2011 Coverity Scan Open Source Integrity Report. The results show that the free code quality is on a par with in-house-developed products.
The company said that this year’s study has been massively upgraded with the introduction of the Coverity 5 development testing platform. The new analysis engine incorporates advances in static analysis to improve results and find more defects in any code under test.
On running the scans, it was found that the average defect density (number of defects per 1,000 lines) for open source was 0.45. In the proprietary code the same scan produced an index of 0.64. In both cases this is better than the 1.0 average defect density measured in commercial software.
The cleanest code was found to be Linux 2.6, PHP 5.3, and PostgreSQL 9.1 which weighed in at 0.62, 0.20 and 0.21 respectively. Coverity said that this recognised superior code quality defines the projects as industry benchmarks.
Rasmus Lerdorf, creator of PHP, said: “The quality of our code is critical to the ongoing success and adoption of PHP, which includes some of the world’s most popular Web sites. As our code grows and becomes more complex, Scan will become even more important for us as a way to help improve our code quality.”
To balance the results, the company compared projects of similar size in the open source and proprietary fields. Choosing codebases of around seven million lines, the defect density was roughly the same at 0.62. The parity is put down to progressive software testing throughout the development process to achieve the best results possible.
During the process, Coverity also gains an insight into application sizes. It found that the average open source project has 832,000 lines of code, while proprietary applications are much larger at 7.5 million lines.
In addition to the new testing software, Coverity has recently appointed Zack Samocha as Coverity’s Scan project director. “The line between open source and proprietary software will continue to blur over time as open source is further cemented in the modern software supply chain,” he said. “Our goal with Scan is to enable more open source projects to adopt development testing as part of their workflow for ongoing quality improvement, as well as further the adoption of open source by providing broader visibility into its quality.”
The report is the result of the largest public/private sector research project on open source software integrity. The project started in 2006, jointly with the US Department of Homeland Security, but is now wholly owned and managed by Coverity.
How well do you know Internet security? Try our quiz and find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
The cleanest code was found to be Linux 2.6, PHP 5.3, and PostgreSQL 9.1 which weighed in at 0.62, 0.20 and 0.21 respectively.
Linux@0.62: is this a typo?
It looks that way to me, but the figure came directly from Coverity. Many thanks for pointing it out - we will check.
Peter Judge
We have a response back from Coverity. Does this answer the question?
Peter
Coverity says:
"The 0.62 figure is correct. This is a reflection of the size of the Linux code base at over 7 million lines of code. The development team has focused on the most critical part of the project, the kernel, and the defect density overall is better than the industry average. The key thing to keep in mind is that defect density – and therefore quality – is a function of the size of the code base and number of active developers. We feel that Linux – which is one of the largest projects in Scan and roughly the size of the average proprietary codebase – is a great benchmark for quality."