PRNewswire:
Coverity Announces the State of Open Source Software Integrity
Releases 2009 Coverity Scan Open Source Report
SAN FRANCISCO, Sept. 23 /PRNewswire/ -- Coverity(R), the software integrity leader, today released the 2009 Coverity Scan Open Source Report. This report is the result of the largest public-private sector research project focused on open source software integrity. Originally initiated with the U.S. Department of Homeland Security, the 2009 Coverity Scan Open Source Report details the findings from analyzing more than 11 billion lines of open source code from 280 open source projects over the last three years.
The Coverity open source integrity report is an objective presentation of open source code quality and defect data collected from the Coverity Scan service. The report findings give industry a unique opportunity to examine coding and software integrity trends from some of the world's most widely used and popular open source packages, including Firefox, Linux, PHP, Ruby and Samba.
Some highlights of the report findings include:
- Overall integrity, quality and security of open source software are improving. The Coverity Scan service measured a 16 percent reduction in static analysis defect density over the past three years among participating projects.
- Open source developers are actively improving software. Since 2006, more than 11,200 defects in open source programs have been eliminated as a result of using the Coverity Scan service. Total developer support has increased, with more than 180 projects having active developers scanning and fixing software defects discovered by Scan.
- Projects continue to advance up Coverity Certified "Integrity Rungs" from year to year. In 2009, the number of Rung 1 certified projects increased 32 percent from 2008 and doubled on Rung 2 in the same time period. OpenPAM, Ruby, Samba and tor are the first projects to begin Coverity Integrity Rung 3 certification. Rungs are certification levels indicating high-integrity open source software.
- Most common defect types are holding steady. The most common defect types across participating open source projects are still NULL pointers, resource leaks and unintentionally ignored expressions.

"High-integrity open source software is critical, especially given Gartner's estimate that at least 80 percent of commercial software will contain open source code by 2012,"(1) said David Maxwell, Coverity open source strategist.
posted by: gqpartner