Coverity Report Finds Open Source Code Quality Beats Commercial Code
Quote:
Synopsys has announced the release of its annual Coverity Scan Open Source Report, which is widely followed. The 2014 report details the analysis of nearly 10 billion lines of source code through the Coverity Scan service and commercial usage of the Synopsys Testing Platform.
For the report, the company analyzed code from more than 2,500 open source C/C++ projects as well as an anonymous sample of commercial projects in 2014. Additionally, the report highlights results from several popular open source Java and C# projects that have joined the Coverity Scan service since March 2013. Here are the findings.
The Coverity Scan Open Source Report is based on scans of billions of lines of code, and has been used to measure the state of open source code quality for nine years. Notably, open source code outpaced commercial code for quality in the 2013 report. This trend continues in 2014.
Key findings from the latest report include:
- Defect density (defects per 1,000 lines of code) of open source code and commercial code has continued to improve since 2013: When comparing overall defect density numbers between 2013 and 2014, the defect density of both open source code and commercial code has continued to improve. Open source code defect density improved from 0.66 in 2013 to 0.61 in 2014, while commercial code defect density improved from 0.77 to 0.76.
- Coverity Scan aids OpenSSL in post-Heartbleed investigation: According to OpenSSL co-founder Tim Hudson, the Coverity Scan service helped to catch newly discovered defects and highlight where other issues like the Heartbleed bug might exist. Since Heartbleed, OpenSSL has fixed 302 defects found by Coverity Scan, and now has a 0.21 defect density.
- Linux remains a benchmark for static analysis defect density: Since joining the Coverity Scan service in 2006, Linux has retained its commitment to quality, which remains a key focus. During 2014, Linux leveraged the Coverity Scan service to find and fix more than 500 high-impact defects, including resource leaks, memory corruptions and uninitialized variables.