Open source code examined

Coverity finds improvements during project to examine more than 55 million lines of code

By Paul Krill
May 19, 2008

Talkback

E-mail

Printer Friendly

Reprints

A code analysis of popular open source software projects has revealed that the quality and security of open source software continues to improve.

In its "Scan Report on Open Source Software 2008," Coverity analyzed more than 55 million lines of code on a recurring basis from more than 250 open source projects. Detailed Tuesday, the project utilized the Coverity Prevent static source code analyzer and was done during a two-year period. Some of the projects analyzed included the Apache Web server, Linux, Firefox, and the Samba file and printer sharing system. Scripting languages such as PHP and Ruby were examined as well.

"We run the source code through our static analysis tool, which identifies certain types of software defects for them and developers can look at the result," said David Maxwell, open source strategist for Coverity.

Coverity in its analysis found that open source developers are interested in code quality and making efforts to make it better and more secure, Maxwell said.

"We can see from the statistics many developers are quite passionate about writing good code," Maxwell said.

The analysis found that:

* The quality and security of open source software continues to improve.

* There has been a 16 percent reduction in overall static analysis defect density, reflecting the elimination of more than 8,500 individual defects. This reduction figure represents the average reduction from the first analysis of each project to the most recent analysis.

* There is a prevalence of specific defects. "Null pointer reference" was the common defect while "User before test" was the least common.

* Static analysis defect density and function length are statistically uncorrelated. This contradicts conventional wisdom.

* Cyclomatic complexity and the Halstead effort, which are measures of code complexity, are significantly correlated to code base.

* The average rate of false positives identified by open source developers on the Scan site was less than 14 percent.

Also, Coverity found that code base size correlated to the number of defects. The company found it could tell with 72 percent accuracy how many defects would be in the code based on the size of the code.

Coverity's code-scanning service was offered on its Scan site, which was developed with support from the U.S. Department of Homeland Security as part of the federal "Open Source Hardening Project."

The project mostly examined C code but there was some C++ code as well.

Paul Krill is editor at large at InfoWorld.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

Why San Francisco's network admin went rogue

Can you really live without Microsoft Office?

San Francisco's mayor gets back keys to the network

Mac (in)security: How to secure Macs in business

>> Talkback: Have your say

TAKE CONTROL OF YOUR CONTENT- LEVERAGE MICROSOFT SHAREPOINT
Microsoft Office SharePoint Server (MOSS) offers core content management designed for a broad user population. Attend this webcast to learn how to implement a strategy that allows for the coexistence of both MOSS and advanced ECM solution within the same IT environment. Sponsor: IBM

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Best Practices for the Service Desk - According to a recent study only 53 percent of surveyed IT users are satisfied with their help desk support. Download this...
Discover How to Provide Anytime, Anywhere IT Support - Remote employees unduly bogged down with technical problems can mean significant losses in productivity, revenue and satisfaction...
Class of Service: Myths and Misconceptions - There has been much discussion about the benefits of CoS; but, there are also common myths, which unless challenged, can...
Factors to consider when comparing DSL or Cable - As the demand for high-speed access increases, businesses are looking for cost-effective connection options for remote workers...
Getting in Compliance with Government Data Regulations - This Whitepaper explores these standards and regulations-some firmly in place, some emerging, others in the formative stage...
Refine your company's plan for a Business Disruption Event - Many firms fail to consider how lines of communication will stay open in the event of a BDE. Make sure your company's mobile...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

•

Application development

•

•

•

•

•

•

•

•

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Open source code examined

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Vizioncore - Complete Solutions for Virtual Server Management Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change Xerox - Experience the colorful side of business at www.frugalcolor.com IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA AT&T - Thinking about IMS AT&T - Factors to consider when comparing DSL or Cable AT&T - Going mobile with today's technology AT&T - What to expect from a Technology Assessment. Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. Cirba - Advanced Workload Analysis Techniques		Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event Cirba - Consolidating Workloads onto Mainframes AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist