March 19, 2006
Open Scrutiny of Open Source Code
Last Monday, Coverity, in collaboration with Stanford University, announced the results of their analysis of software quality and security of 32 of the most critical and widely used open source projects in the world. The study, which was funded by the Department of Homeland Security, used Coverity's automated defect detection tools to uncover critical software bugs. In general, the analysis showed that open source applications have lower defect rates than proprietary software applications. The average defect rate of the open source applications was 0.434 bugs per 1000 lines of code. This compares with an average defect rate of 20 to 30 bugs per 1000 lines of code for commercial software, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium.