I had to laugh at what the Open Source guys had been up to recently. This one comes from a U.S. government-sponsored effort to make open source software as hacker- and malware-proof as possible.
The research, carried out by code analysis firm Coverity and funded by the Department of Homeland Security, is part of the Vulnerability Discovery and Remediation Open Source Hardening Project. It examined 32 Open Source projects and found they had, on average, one defect for every 2,300 lines.
Interestingly, the LAMP (Linux, Apache, MySQL and Perl/PHP/Python) stack, which is the foundation for several web servers on the internet, scored even better on the defect-o-meter, with one quirk for every 3,448 lines.
The XMMS audio player had a mind-boggling six defects in the 116,864 lines constituting its core. Each of these reports can be downloaded for free from Coverity's website.
Unfortunately, software mammoth OpenOffice.org has not been scrutinised; most commercial software applications are closed, making an objective comparison impossible without breaking licensing rules and risking fines.
But for now, Open Source proponents can tick another box in their checklist when it comes to establishing a standard for source code control and maintenance. Together with schemes like Tigris or CVS - both version control systems - closed and proprietary software is two steps behind.