Development testing specialist, Coverity, Inc. has released the 2011 Coverity Scan Open Source Integrity Report (Scan), based on a massive public-private sector research project focused on open source software integrity.
The project was originally initiated between Coverity and the US Department of Homeland Security in 2006, and is currently owned and managed by Coverity.
In 2011, open source projects in Coverity Scan were upgraded to the Coverity 5 development testing platform analysis engine to accommodate significant advances of the maturity in static analysis technology over the past five years, in particular, the ability to find more new and existing types of defects in software code.
The 2011 Scan report details the analysis of Scan’s most active open source projects, totalling over 37 million lines of open source software code in addition to the results of over 300 million lines of proprietary software code from a sample of anonymous Coverity users.
Key findings from the 2011 Scan report:
- Over 37 million lines of code from 45 of the most active open source projects in Scan were analysed. The average open source project in Scan has 832,000 lines of code and the average defect density across open source projects in Scan is 0.45.
- Over 300 million lines of code from 41 proprietary codebases of anonymous Coverity users were analysed. The average proprietary codebase has 7.5 million lines of code with the average defect density being 0.64.
- Both open source code quality and proprietary code quality, as measured by defect density are better than the average for the software industry, which has a defect density of 1.0.
- Linux 2.6, PHP 5.3, and PostgreSQL 9.1 are recognised as open source projects with superior code quality and can be used as industry benchmarks, achieving defect densities of 0.62, 0.20, and 0.21 respectively.
- Open source code quality is on par with proprietary code quality, particularly in cases where codebases are of similar size.
- Organisations committed to software quality through the adoption of development testing as part of their development workflow reap the benefits of high code quality and continue to see quality improvements over time.
Coverity’s goal with Scan is to enable more open source projects to adopt development testing as part of their workflow for ongoing quality improvement, as well as further the adoption of open source by providing broader visibility into its quality.
Coverity’s products are available in Australia from Embedded Logic Solutions , a leading distributor of PCB prototypes and design solutions, embedded development tools, single board computers, model driven development tools, CAN tools and USB/PCI device driver development tools.