Developer testing specialist Coverity has released its 2011 Scan Open Source Integrity Report, which the company claims is the result of the largest public-private sector research project focused on open source software integrity, originally initiated between Coverity and the U.S. Department of Homeland Security in 2006 and currently owned and managed by Coverity.
The 2011 Scan report details an analysis of the company has classified as the most active open source projects, totaling over 37 million lines of open source software code. In addition, the report details the results of over 300 million lines of proprietary software code from a sample of anonymous users.
Key findings from the 2011 Scan report include the finding that the average open source project has 832,000 lines of code. The average defect density, or the number of defects per thousand lines of code, across open source projects in Scan is .45.
Over 300 million lines of code from 41 proprietary codebases of anonymous Coverity users were analyzed. The average proprietary codebase has 7.5 million lines of code. The average defect density for proprietary codebases of Coverity users is .64. Linux 2.6, PHP 5.3, and PostgreSQL 9.1 are recognized as open source projects with superior code quality and can be used as industry benchmarks, achieving defect densities of .62, .20, and .21 respectively.
Open source code quality is on par with proprietary code quality, particularly in cases where codebases are of similar size. For instance, Linux 2.6, a project with nearly 7 million lines of code, has a defect density of .62, which is roughly identical to that of its proprietary codebase counterparts.
According to Coverity, "Organizations that make a commitment to software quality by adopting development testing as a part of their development workflow, as illustrated by the open source and proprietary codebases analyzed, reap the benefits of high code quality and continue to see quality improvements over time."
"The quality of our code is critical to the ongoing success and adoption of PHP, which includes some of the world's most popular websites," said Rasmus Lerdorf, creator of PHP.
"The line between open source and proprietary software will continue to blur over time as open source is further cemented in the modern software supply chain," said Zack Samocha, Coverity Scan project director. "Our goal with Scan is to enable more open source projects to adopt development testing as part of their workflow for ongoing quality improvement, as well as further the adoption of open source by providing broader visibility into its quality."
"The findings from Coverity challenge the notion that the best software is the most expensive software. We've seen customers waking up to this fact more recently. They are realizing that there are a range of great quality open alternatives out there. Some of these are pure open source projects and some are built on open core platforms. In short, buyers are wising up to the scare tactics used by established vendors and now understand that many open source-based offerings are of equal or better quality, for a fraction of the price," said James Peel, product manager, Opsview.