You are here: Home > News > Article
Home
Business & Finance
News
U.S.
Politics
International
Technology
Entertainment
Sports
Lifestyle
Oddly Enough
Health
Science
Special Coverage
Video
Pictures
Your View
The Great Debate
Blogs
Weather
Reader Feedback
Do More With Reuters
RSSRSS Feed
Widgets
Mobile
Podcasts
Newsletters
Your View
Partner Services
CareerBuilder
Affiliate Network
Professional Products
Support (Customer Zone)
Reuters Media
Financial Products
About Thomson Reuters

Open Source Software Continually Improving According to Research from Coverity(TM)...

Tue May 20, 2008 6:10am EDT
 
[-] Text [+] 
Open Source Software Continually Improving According to Research from
Coverity(TM) Joint Venture With U.S. Department of Homeland Security
New Scan Report on Open Source Software 2008 Shows 16% Reduction in Static
Analysis Defect Density Across 250 Popular Open Source Projects Over 2 Year
Period

SAN FRANCISCO, May 20 /PRNewswire/ -- Coverity(TM), Inc., the leader in
improving software quality and security, today announced the availability of
the Scan Report on Open Source Software 2008. The Coverity Scan site was
developed with support from the U.S. Department of Homeland Security as part
of the federal government's 'Open Source Hardening Project.' The report is
based on 2 years of analysis of more than 55 million lines of code on a
recurring basis from over 250 popular open source projects with Coverity
Prevent(TM), the industry-leading static source code analysis solution.
    "The continued improvement of projects that already possess strong code
quality and security underscores the commitment of open source developers to
create software of the highest integrity," said David Maxwell, open source
strategist for Coverity. "Working with the open source community over the past
two years has been an exceptional opportunity for researchers at both the Scan
site and Coverity. Based on preliminary feedback from preview readers, the
report contains thought provoking information about defect density and code
complexity and provides a strong foundation for future research on the nature
of software."
    Open source projects analyzed at the Scan site include some of the worlds
most widely used applications, including the Apache web server and the Linux
operating system. Source code analysis from the Scan site is freely available
to qualified open source projects at: http://scan.coverity.com
    "Close collaboration between Coverity and the FreeBSD Project over three
years has been both exciting and remarkably valuable," said Robert Watson,
FreeBSD foundation president. "Coverity has had a positive impact on the
correctness of our source code and has helped improve our software development
methodology."
    The breadth and volume of analysis data presented in the Scan Report on
Open Source Software 2008 is unlike any other collection of code analysis data
in existence, representing 14,238 individual project analysis runs for a total
of nearly 10 billion lines of code analyzed over 2 years.
    The report also draws conclusions that may apply equally to open source
and commercial software regarding the relationship between variables such as
code base size, defect density, function length, Cyclomatic complexity and
Halstead effort. In summary, the Scan Report on Open Source Software 2008
contains the following findings:
    -- The quality and security of open source software is improving --
       Researchers at the Scan site observed a 16% reduction in static
       analysis defect density over the last 2 years, which reflects the
       elimination of more than 8,500 individual defects
    -- Prevalence of specific defect types -- The report shows a clear
       distinction between the frequencies of defect types across the scan
       database. 'NULL pointer dereference' was the most common defect while
       'Use before test of negative values' was the least common defect
    -- Average project function length and static analysis defect density --
       Data in the report contradicts conventional wisdom, indicating that
       projects with large average function length are not prone to higher
       defect densities
    -- Cyclomatic complexity and Halstead effort -- Research indicates these
       two measures of code complexity are significantly correlated to code
       base size
    -- False positive results -- The average rate of false positives
       identified by open source developers on the Scan site is below 14%


    Detailed data and analysis of these and other findings are available in
the complete Scan Report on Open Source Software 2008, which is freely
available for download in the research library at http://www.coverity.com
    "The use of open-source technologies to enhance and evolve commercial
products has become a common strategy. Vendors will continue to leverage this
movement by embedding open source into products, while end-user organizations
will use stable open-source projects as a competitive differentiator against
companies that refuse to acknowledge that open source is now enterprise-ready.
By 2012, 80% or more of all commercial software will include elements of open-
source technology," according to analyst Mark Driver in his recent Gartner
report 'Open Source in Vendor Business Strategies, 2008,' published March 31,
2008.
    Results of the Scan Report on Open Source Software 2008 will also be
discussed during a complimentary webinar on Wednesday, May 21, 2008 by David
Maxwell, Coverity's open source strategist. Registration is available at:
http://w.on24.com/r.htm?e=107874&s=1&k=41E3686F9B655D193F894D4A844EBBC6
    About the Scan site
    The Scan site was developed by Coverity with support from the U.S.
Department of Homeland Security as part of the federal government's 'Open
Source Code Hardening Project'. The site divides open source projects into
rungs based on the progress each project makes in resolving defects. Projects
at higher rungs receive access to additional analysis capabilities and
configuration options. Projects are promoted as they resolve the majority of
defects identified at their current rung.
    About Coverity
    Coverity (http://www.coverity.com), the leader in improving software
quality and security, is a privately held company headquartered in San
Francisco. Coverity's groundbreaking technology enables developers to control
complexity in the development process by automatically finding and helping to
repair critical software defects and security vulnerabilities throughout the
application lifecycle. More than 450 leading companies including ARM,
Phillips, RIM, Rockwell-Collins, Samsung and UBS rely on Coverity to help them
ensure the delivery of superior software.
    Coverity is a registered trademark, and Coverity Extend and Coverity
Prevent are trademarks of Coverity, Inc. All other company and product names
are the property of their respective owners.
     Media Contacts
     Jim Shissler
     Director, Public Relations
     jshissler@coverity.com
     +1 415 694 5342

     Steve Eisenstadt
     Page One Public Relations
     steve@pageonepr.com
     +1 (919) 781-8096

SOURCE  Coverity, Inc.

Jim Shissler, Director, Public Relations of Coverity, Inc., +1-415-694-5342,
jshissler@coverity.com; or Steve Eisenstadt of Page One Public Relations,
+1-919-781-8096, steve@pageonepr.com, for Coverity, Inc.

 

Editor's Choice

Labourers work at a riverfront construction site near the Sabarmati river in the western Indian city of Ahmedabad July 2, 2009. REUTERS/Amit Dave SlideshowSlideshow 

A selection of our best photos from the past 24 hours.  Slideshow 

Most Popular on Reuters

  • Articles
  • Video

We want to hear from you

Join the Reuters Consumer Insight Panel and help us get to know you better

Join the Reuters Consumer Insight Panel and help us get to know you better

Please take a moment to complete our survey