Coverity has announced the availability of a new report detailing the continued improvement in the quality and security of open-source software.
San Francisco-based Coverity on May 20 announced the availability of its Scan Report on Open Source Software 2008. The report is based on research done on the company’s Scan site. The Coverity Scan site was developed with support from the U.S. Department of Homeland Security as part of the federal government’s “Open Source Hardening Project,” said David Maxwell, open-source strategist for Coverity.
Maxwell said the report is based on two years of recurring analysis of more than 55 million lines of code from more than 250 popular open-source projects, performed with Coverity Prevent, the company’s static source code analysis solution.
Moreover, the Scan Report on Open Source Software 2008 represents 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analyzed over the two-year period. “We started out with the thought of doing a report on the progress we’d made with Scan to celebrate the second anniversary, but we realized we had a lot of information that would be useful” to developers using open-source software, so Coverity made a more formal report for broad public consumption, Maxwell said.
Overall, Maxwell said that based on the ongoing Scan site analysis, it is evident that the quality and security of open-source software are improving. Indeed, Maxwell said researchers at the Scan site saw a 16 percent reduction in static analysis defect density over the last two years, which reflects the elimination of more than 8,500 individual defects.
Maxwell said that according to the Scan research, “null pointer dereference” was the most common defect, while “use before test of negative values” was the least common defect.
Meanwhile, Mark Driver, an analyst with Gartner, said that with the use of open-source technology increasing, “Vendors will continue to leverage this movement by embedding open source into products, while end-user organizations will use stable open-source projects as a competitive differentiator against companies that refuse to acknowledge that open source is now enterprise-ready. By 2012, 80 percent or more of all commercial software will include elements of open-source technology.”
Maxwell said “the continued improvement of projects that already possess strong code quality and security underscores the commitment of open-source developers to create software of the highest integrity.”