Coverity is pleased to announce the release of the 2011 Coverity Scan Open Source Integrity Report. Coverity Scan has worked with open source projects since 2006 to bring development testing via static analysis to help improve the quality of open source software.
To summarize this year’s key findings:
- Both commercial and open source projects that adopt development testing reap the benefits of good quality by significantly reducing the incidence of software defects.
- Open source projects that have been using Coverity Scan for several years have significantly better defect density than the software industry average.
- It’s easier for a smaller project, with a more tightly coordinated team, to address a larger quantity of defects faster. BRL-CAD fixed over 1,600 defects in 5 days; their case study appears in the report.
We also present the detailed results for Linux, PHP, and PostgreSQL, three projects that have been active participants in Coverity Scan over the past 5 years and are model citizens of good quality. PHP and PostgreSQL both have exceptionally low defect densities compared to the industry average. Linux, a codebase of nearly 7 million lines of code, has a better than average defect density for a codebase and developer community of its size. Coverity CTO Andy Chou addresses this point in the following article:
2011 was a year of technical upgrades in Scan to the latest and greatest version of Coverity’s analysis engine, which will continue in 2012. Watch this space for news as we update the project to make it easier than ever for new projects to join Scan.
We thank all the projects for their continued support and participation in Scan, and in particular, Linux, PHP, PostgreSQL, and BRL-CAD.