Coverity, which offers software integrity scanning services, released its latest report on open source projects' code quality today.
It details the results of years worth of studies, talks with the community, and collaboration with the US Department of Homeland Security. The good news is that open source quality is steadily getting better.
Running since 2006, Coverity Scan has analysed more than 60 million lines of code on a recurring basis from more than 280 popular open source projects such as Firefox, Linux and PHP - some 26,181 individual project analysis runs.
It found that overall the quality of open source code has been improving, thanks in part to programmers referring to previous scan results and acting accordingly. More than 11,200 defects discovered in open source programs have been eliminated as a result of using its Scan web site since 2006, Coverity said.
Developers who want to check the integrity of their code can submit it to the Coverity static scan and wait for the results. In 2006 the scan found roughly one defect per 3,333 lines of code, while this year the metric has improved by 20 per cent to approximately one defect per 4,000 lines of code.
Using a static scan makes it easier to repeat the same studies in the same environment, according to Coverity.
Results are reported using a 'scan ladder' to apply a scale of integrity to code and award a position on higher rungs to improving projects.
There are three rungs - 36 of the projects scanned are on Rung 2 and 144 projects are on Rung 1. The highest rung, Rung 3, contains just four projects - Samba, TOR, OpenPAM and Ruby. The company described these as " outstanding examples of high-integrity software", and applauded them for their nightly builds, continuous integration, unit tests and regression tests.
Common coding mistakes still persist and Coverity said that these were NULL pointer deferences, which appeared in almost a third of all programs, resource leaks, and unintentionally ignored expressions.
Coverity says open source is getting better
By
V3.co.uk staff
on Sep 24, 2009 6:38AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Kaseya Dattocon APAC 2024 is Back
Tech For Good program gives purpose and strong business outcomes
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Ingram Micro Ushers in the Age of Ultra
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Sponsored Whitepapers
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
.png&w=100&c=1&s=0)
