Quality and security of open source software improving


21 May 2008

The quality and security of open source software are improving, a new report completed in conjunction with the US Department of Homeland Security reveals.

The report, compiled by software quality firm Coverity, focused on over 250 open source projects and scanned more than 55 million lines of code over two years.

Researchers observed a 16pc reduction in static analysis defect density over the past two years, which reflects the elimination of more than 8,500 individual defects.

‘NULL pointer dereference’ was the most common defect, while ‘Use before test of negative values’ was the least common defect.

The average rate of false positives identified by the open source developers on the scan site is below 14pc.

“The continued improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity,” said David Maxwell, open source strategist for Coverity.

Research firm Gartner predicts that by 2012, 80pc or more of all commercial software will include elements of open source technology.

“The use of open-source technologies to enhance and evolve commercial products has become a common strategy,” according to analyst Mark Driver of Gartner.

“Vendors will continue to leverage this movement by embedding open source into products, while end-user organisations will use stable open-source projects as a competitive differentiator against companies that refuse to acknowledge that open source is now enterprise-ready,” Driver said.

By John Kennedy