Free Republic

Open Source Code Is As Good As Proprietary, Says Coverity
TechWeek Europe ^ | 23 February 2012 | Eric Doyle

Posted on 02/23/2012 10:15:01 AM PST by ShadowAce

Any conviction that open source software (OSS) is somehow inferior to proprietary code, or vice versa, depending on which side of the development fence you sit, is being dispelled by a report from Coverity.

The company has been scanning millions of lines of open source code for its 2011 Coverity Scan Open Source Integrity Report. The results show that the free code quality is on a par with in-house-developed products.

More thoroughly tested

The company said that this year’s study has been massively upgraded with the introduction of the Coverity 5 development testing platform. The new analysis engine incorporates advances in static analysis to improve results and find more defects in any code under test.

During 2011, the company tested open source projects that totalled over 37 million lines of code and the report also details the results of 300 million lines from anonymous proprietary software produced by Coverity Scan users.

On running the scans, it was found that the average defect density (number of defects per 1,000 lines) for open source was 0.45. In the proprietary code the same scan produced an index of 0.64. In both cases this is better than the 1.0 average defect density measured in commercial software.

The cleanest code was found to be Linux 2.6, PHP 5.3, and PostgreSQL 9.1 which weighed in at 0.62, 0.20 and 0.21 respectively. Coverity said that this recognised superior code quality defines the projects as industry benchmarks.

Rasmus Lerdorf, creator of PHP, said: “The quality of our code is critical to the ongoing success and adoption of PHP, which includes some of the world’s most popular Web sites. As our code grows and becomes more complex, Scan will become even more important for us as a way to help improve our code quality.”

To balance the results, the company compared projects of similar size in the open source and proprietary fields. Choosing codebases of around seven million lines, the defect density was roughly the same at 0.62. The parity is put down to progressive software testing throughout the development process to achieve the best results possible.

During the process, Coverity also gains an insight into application sizes. It found that the average open source project has 832,000 lines of code, while proprietary applications are much larger at 7.5 million lines.

In addition to the new testing software, Coverity has recently appointed Zack Samocha as Coverity’s Scan project director. “The line between open source and proprietary software will continue to blur over time as open source is further cemented in the modern software supply chain,” he said. “Our goal with Scan is to enable more open source projects to adopt development testing as part of their workflow for ongoing quality improvement, as well as further the adoption of open source by providing broader visibility into its quality.”

The report is the result of the largest public/private sector research project on open source software integrity. The project started in 2006, jointly with the US Department of Homeland Security, but is now wholly owned and managed by Coverity.


TOPICS: Computers/Internet
KEYWORDS: code; oss

1 posted on 02/23/2012 10:15:11 AM PST by ShadowAce

To: rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; stylin_geek; ...

2 posted on 02/23/2012 10:18:02 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

I wonder how many defects there are in 1,000 lines of code for electronic voting machines? Perhaps open source would be of benefit there...


3 posted on 02/23/2012 10:19:54 AM PST by kosciusko51 (Enough of "Who is John Galt?" Who is Patrick Henry?)

To: ShadowAce
Disclaimer: I am not a programmer; I have coded, and enjoy it immensely - but that is not my calling in life.

That out of the way, when it comes to the legal defense, Open Source has little to stand on. For example, the whole point of Android was to be Open Source and freely disseminated; yet apparently Google is paying $9 in royalties to MSFT for every device using Android.

Linky

Doesn't this obliterate any superiority to the Open Source movement? Chances are that no matter what you do, someone has patented it.

4 posted on 02/23/2012 10:36:55 AM PST by Hodar ( Who needs laws; when this FEELS so right?)

To: Hodar

May well be... but Linux video drivers are as a rule slower on NVIDIA than XP or 7


5 posted on 02/23/2012 10:37:55 AM PST by Bidimus1

To: Hodar
Doesn't this obliterate any superiority to the Open Source movement? Chances are that no matter what you do, someone has patented it.

Microsoft Patents Ones, Zeroes

6 posted on 02/23/2012 10:39:51 AM PST by dfwgator (Don't wake up in a roadside ditch. Get rid of Romney.)

To: kosciusko51

Voting machine security is much larger than the firmware running on it. What I have seen as a good measure is to vote on the screen, get a printout, and then deposit that printout into a scanner. This way you have a paper trail and easy count.


7 posted on 02/23/2012 10:44:23 AM PST by alex2011

To: alex2011

I agree with you. It is too bad the system doesn’t work that way and that we don’t have access to the firmware on these machines.


8 posted on 02/23/2012 10:46:17 AM PST by kosciusko51 (Enough of "Who is John Galt?" Who is Patrick Henry?)

In my experience commercial code is almost entirely developed by non-US programmers whereas Open-source code is heavily US programmers.


9 posted on 02/23/2012 10:47:01 AM PST by RC51

To: Hodar

That goes for any software, in fact any product. If you get big enough somebody will sue you, and it might be cheaper to just settle, pay them off. It doesn’t matter if the patents are valid or not, just have a look at Oracle vs Google. Also, MSFT is getting money from HTC, not from Google, big difference. I am sure if it actually went to court, all patents would have been invalidated or at most easily bypassed by changes to the code. However, legal extortion still works.


10 posted on 02/23/2012 10:55:30 AM PST by alex2011

To: alex2011

You're right ... HTC and Samsung are both paying MSFT for the privilege of using Google. Seems like pretty much every Android adopter will pay MSFT. I don’t understand how Google can make new Android releases (ICS and Jellybean) and not get hit too.


11 posted on 02/23/2012 11:09:23 AM PST by Hodar ( Who needs laws; when this FEELS so right?)

To: ShadowAce

open source developers (anti-capitalists) are hosing small software companies by releasing software to the public produced at no cost.

as someone that has had to ‘compete’ against open source offerings, it’s a major pain in the butt

if anyone is wondering why software development is being pushed to 3rd world countries, you can thank the open source community as the business types continue to try and compete by cutting costs


12 posted on 02/23/2012 11:21:42 AM PST by sten (fighting tyranny never goes out of style)

To: ShadowAce

Coverity basically builds things like Static Analysis tools. SA has its place - but it’s well to point out what is meant by “quality” here.

Maybe it’s a bit like commenting on the quality of the Golden Gate Bridge (or the Bay Bridge) by inspecting each and every weld on the bridge.

It’s not unimportant data, but it has very little to do with architecture, design, functionality, etc. etc.


13 posted on 02/23/2012 11:36:27 AM PST by 2 Kool 2 Be 4-Gotten

To: sten
First of all, "open source developers" are not anti-capitalists.

as someone that has had to ‘compete’ against open source offerings, it’s a major pain in the butt

Any competition is a pain in the butt. Deal with it.

if anyone is wondering why software development is being pushed to 3rd world countries, you can thank the open source community as the business types continue to try and compete by cutting costs

Wrong. Software development was being pushed to 3rd world countries before OSS became the popular "in" thing to do. They are returning because companies are finally realizing that the developers were correct when they warned about the quality of the code being produced there.

14 posted on 02/23/2012 11:37:27 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Hodar

I read that article, but unless I missed it, it did not explain what technology HTC and Samsung were paying MSFT for.


15 posted on 02/23/2012 11:38:43 AM PST by andyk (Tax credits == Welfare)

To: ShadowAce
Any competition is a pain in the butt. Deal with it.

competing with another company is one thing... as we both have various costs to deal with. open source has no overhead development costs.

Wrong. Software development was being pushed to 3rd world countries before OSS became the popular "in" thing to do. They are returning because companies are finally realizing that the developers were correct when they warned about the quality of the code being produced there.

as someone that has run businesses offshore, i can tell you first hand the quality available outside the US. the trick with offshoring is having senior personnel overseeing them locally, not remotely. another model would be for the company to on-shore people, train them, then ship them back. being overseen by senior people is still required.

and yes, open source people are anti-capitalists. the 'all information should be free' people are a hair from full blown commies.

btw, the free software foundation was founded in boston in 1985. i was working in boston at the time and remember the arguments. the push to offshore the development costs started by the mid to late 90s and was in full swing by 2001.

16 posted on 02/23/2012 12:12:26 PM PST by sten (fighting tyranny never goes out of style)

To: sten
as someone that has had to ‘compete’ against open source offerings, it’s a major pain in the butt

Cry me a river.

In the town where I used to live, I would once a month cut my neighbor's lawn. For free. She was a sweet 90-year-old lady and she cried when my wife and I moved away.

By your logic, I should have refused to mow her lawn because it was preventing some lawn service from making a buck.

17 posted on 02/23/2012 12:13:41 PM PST by Notary Sojac (A liberal, a conservative, and a moderate walk into a bar. The bartender says, "Hi. Mitt!!".)

To: Notary Sojac

broken analogy is broken

for your analogy to match, you would have to mow all the lawns for free for anyone that asked.

go ahead and have your lawn mowing company compete against the ‘free lawn mowing movement’. your company would go out of business.


18 posted on 02/23/2012 12:20:19 PM PST by sten (fighting tyranny never goes out of style)

To: sten
go ahead and have your lawn mowing company compete against the ‘free lawn mowing movement’. your company would go out of business.

So the ‘free lawn mowing movement’ would be "anti-capitalist" and something for conservatives to oppose?

19 posted on 02/23/2012 12:24:07 PM PST by JustSayNoToNannies (A free society's default policy: it's none of government's business.)

To: sten

A lot of so-called “free” (or Open Source if you prefer) software is written by paid employees at for-profit companies. The model is a bit more complex than it may first appear. There are a million examples of how this works - but an easy one might be an open source driver for a piece of proprietary hardware. Or maybe an open source VPN client to connect to a proprietary VPN aggregator. And there are even more complicated scenarios than just that, such as “giving away” the software but getting paid to configure it, i.e. “advanced services”.

All is not as it first appears.


20 posted on 02/23/2012 12:26:29 PM PST by 2 Kool 2 Be 4-Gotten

