Channels ▼
RSS

Tools

State of Open Source Software Integrity Report Released



Coverity has released its 2009 Coverity Scan Open Source Report. This report is the result of a public-private sector research project focused on open source software integrity. Originally initiated with the U.S. Department of Homeland Security, the 2009 Coverity Scan Open Source Report details the findings from analyzing more than 11 billion lines of open source code from 280 open source projects over the last three years.

The Coverity open source integrity report is an objective presentation of open source code quality and defect data collected from the Coverity Scan service. The report findings provide a unique opportunity for the business industry to examine coding and software integrity trends from some of the world's most well-used and popular open source packages, including Firefox, Linux, PHP, Ruby and Samba.

Highlights of the report findings include:

  • Overall integrity, quality and security of open source software are improving. The Coverity Scan service measured a 16 percent reduction in static analysis defect density over the past three years among participating projects.
  • Open source developers are actively improving software. Since 2006, more than 11,200 defects in open source programs have been eliminated as a result of using the Coverity Scan service. Total developer support has increased with more than 180 projects having active developers scanning and fixing software defects discovered by Scan.
  • Projects continue to advance up Coverity Certified "Integrity Rungs" from year to year. In 2009, the number of Rung 1 certified projects increased 32 percent from 2008 and doubled on Rung 2 in the same time period. OpenPAM, Ruby, Samba and tor are the first projects to begin Coverity Integrity Rung 3 certification. Rungs are certification levels indicating high-integrity open source software.
  • Most common defect types are holding steady. The most common defect types across participating open source projects are still NULL Pointers, resource leaks, and unintentional ignored expressions.

"The Coverity Scan service began as a public-private research partnership with the U.S. Department of Homeland Security to harden the integrity of open source code," said Andy Chou, chief scientist and co-founder of Coverity. "The Coverity Scan service is a key pillar of our strategy to help open source and commercial developers to continually improve the integrity of all software."


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video