Open Source Integrity Report : Key Findings

Coverity recently announced the release of the 2011 Coverity Scan Open Source Integrity Report, and the findings have been notable.

For those unfamiliar with Coverity Scan, this is a public-private sector research project focused on open source software integrity.

SCAN leverages one of the key development testing techniques, static analysis, to identify defects in software code.

The project was first initiated in 2006 in collaboration with the US Department of Homeland Security to strengthen its open source software. In its first year, over 6,000 software defects were identified by the analysis results from the Coverity Scan service.

Now fully owned and managed by Coverity, SCAN works with some of the most widely adopted open source projects including Linux, PHP, Apache, and Android. They have all helped to enforce the quality and security of open source software.

A key finding of the 2011 SCAN report is that the quality of open source software code analysed in the SCAN project is on par with the project's proprietary code. Here are the other top findings:

Both commercial and open source projects that adopt development testing reap the benefits of good quality by significantly reducing the incidence of software defects.

Open source projects that have been using Coverity Scan for several years have significantly better defect density than the software industry average.

It's easier for a smaller project, with a more tightly coordinated team, to address a larger quantity of defects faster. BRL-CAD fixed over 1,600 defects in 5 days; their case study appears in the report.

We also presented the detailed results for Linux, PHP, and PostgreSQL, three projects that have been active participants in Coverity Scan over the past 5 years and are model citizens of good quality. PHP and PostgreSQL both have exceptionally low defect densities compared to the industry average. Linux, a codebase of nearly 7 million lines of code, has a better than average defect density for a codebase and developer community of its size.

Our 2011 SCAN findings show how development testing techniques, such as static analysis, have emerged as a best practice for finding and fixing software defects during software development.

ABOUT THE AUTHOR

Chris Adlard is the EMEA Marketing and Communications Director at Coverity. He is responsible for all aspects of marketing and communications across EMEA. Chris brings a wealth of B2B technology marketing and communications experience to his role. This includes strategy development, marketing and communications campaign execution, product marketing and enterprise customer relationship management. Before joining Coverity in 2010, Chris spent the first 7 years of his professional career at IBM’s EMEA marketing group, first in the PC Division, then in the Global sectors and solutions business. Chris eventually became the marketing and communications lead for the IBM/SAP alliance. After his successful stint at IBM, Chris moved to Netegrity, taking on the role of marketing and communications manager for Germany. After Netegrity’s subsequent acquisition by CA, he spent 5 years working for CA UK as Enterprise Customer Alliance Manager. In addition to extensive enterprise marketing and communications at larger organizations, Chris has carried out consultancy projects for smaller organisations and start-ups.