Posted on 07 May 2013
A new Coverity report details the analysis of more than 450 million lines of software code through the Coverity Scan service. The service, which began as the largest public-private sector research project focused on open source software integrity, was initiated between Coverity and the U.S. Department of Homeland Security in 2006 and is now managed by Coverity.
Over the past seven years, the Coverity Scan service has analyzed nearly 850 million lines of code from more than 300 open source projects including Linux, PHP and Apache.Code quality for open source software continues to mirror that of proprietary software–and both continue to surpass the industry standard for software quality.
Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. The analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers.
Both have better quality as compared to the industry average defect density for good quality software of 1.0. This marks the second, consecutive year that both open source code and proprietary code have achieved defect density below 1.0, indicating that the accepted industry standard for good quality code has improved.As projects surpass one million lines of code, there’s a direct correlation between size and quality for proprietary projects, and an inverse correlation for open source projects
. Proprietary code analyzed had an average defect density of .98 for projects between 500,000 – 1,000,000 lines of code. For projects with more than one million lines of code, defect density decreased to .66, which suggests that proprietary projects generally experience an increase in software quality as they exceed that size.https://www.net-security.org/secworld.php?id=14871