Critics of open source programming may use the OpenSSL "Heartbleed" disaster to claim otherwise, but a new report from Coverity says open source code now beats proprietary software in quality. This week, the company released results of the 2013 Coverity Scan Open Source Source report, which found that, by Coverity's metrics, open source code has surpassed proprietary code in quality for the first time.

Christopher Tozzi, Contributing Editor

April 16, 2014

2 Min Read
Coverity Scan: Open Source Code Is Better Quality

Critics of open source programming may use the OpenSSL “Heartbleed” disaster to claim otherwise, but a new report from Coverity says open source code now beats proprietary software in quality. This week, the company released results of the 2013 Coverity Scan Open Source report, which found that, by Coverity’s metrics, open source code has surpassed proprietary code in quality for the first time.

Coverity, which is now part of Synopsys (SNPS), first began scanning open source software for quality in 2006, through a partnership with the Department of Homeland Security. Coverity now runs the scans independently.

In 2013, the Coverity Scan analyzed 750 million lines of open source code that came primarily from C and C++ projects, along with some Java projects. It then compared that code with proprietary software sources gleaned from “an anonymous sample of enterprise projects.”

In what will be welcome news for open source fans, the Coverity Scan analysis found that defect density—the number of defects per 1,000 lines of code—was 0.59 among the open source code it analyzed, compared to 0.72 for proprietary code. Put another way, that means the open source code in the sample had 22 percent fewer errors than its proprietary cousin.

For Linux kernel code in particular, the defect density, at 0.61, was slightly above the open source average. But Coverity says Linux remains “a benchmark for open source quality,” especially since kernel developers have reduced the time they take to fix a defect from 122 to six days in the years since Coverity first began analyzing Linux code in 2008.

To be sure, the debate over which approach to software development—open source or proprietary—is superior is not one that a scan of a limited corpus of mostly C and C++ code can end. And there’s much more to code quality than defect density. Still, Coverity’s findings on open source code quality—which the company is now making publicly available on an ongoing basis as it continues to monitor the code of participating projects—are good news for the open source community during a time when proprietary developers are sure to seize on the Heartbleed fiasco to denounce the “many eyes make all bugs shallow” mantra.

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Christopher Tozzi

Christopher Tozzi

Contributing Editor

Christopher Tozzi started covering the channel for The VAR Guy on a freelance basis in 2008, with an emphasis on open source, Linux, virtualization, SDN, containers, data storage and related topics. He also teaches history at a major university in Washington, D.C. He occasionally combines these interests by writing about the history of software. His book on this topic, “For Fun and Profit: A History of the Free and Open Source Software Revolution,” is forthcoming with MIT Press.

See more from Christopher Tozzi
Free Newsletters for the Channel
Register for Your Free Newsletter Now
Subscribe

You May Also Like

Galleries
See all
Sep 16 - Sep 19, 2024
Join us for MSP Summit, September 16-19, 2024 in Atlanta, GA. You don't want to miss the industry’s most innovative and inspiring gathering of business leaders focused on growing their managed services businesses. This year’s MSP Summit will help attendees stay ahead of exponentially increasing security threats, expanding their range of services through a merger or acquisition and embrace a wide range of innovative new technologies. Get notified when registration opens.
Sign Up For Special Deal