Digital Edition

SYS-CON.TV
Open Source Software Continually Improving According to Research from Coverity(TM) Joint Venture With U.S. Department of Homeland Security
New Scan Report on Open Source Software 2008 Shows 16% Reduction in Static Analysis Defect Density Across 250 Popular Open Sourc

SAN FRANCISCO, May 20 /PRNewswire/ -- Coverity(TM), Inc., the leader in improving software quality and security, today announced the availability of the Scan Report on Open Source Software 2008. The Coverity Scan site was developed with support from the U.S. Department of Homeland Security as part of the federal government's 'Open Source Hardening Project.' The report is based on 2 years of analysis of more than 55 million lines of code on a recurring basis from over 250 popular open source projects with Coverity Prevent(TM), the industry-leading static source code analysis solution.

"The continued improvement of projects that already possess strong code quality and security underscores the commitment of open source developers to create software of the highest integrity," said David Maxwell, open source strategist for Coverity. "Working with the open source community over the past two years has been an exceptional opportunity for researchers at both the Scan site and Coverity. Based on preliminary feedback from preview readers, the report contains thought provoking information about defect density and code complexity and provides a strong foundation for future research on the nature of software."

Open source projects analyzed at the Scan site include some of the worlds most widely used applications, including the Apache web server and the Linux operating system. Source code analysis from the Scan site is freely available to qualified open source projects at: http://scan.coverity.com/

"Close collaboration between Coverity and the FreeBSD Project over three years has been both exciting and remarkably valuable," said Robert Watson, FreeBSD foundation president. "Coverity has had a positive impact on the correctness of our source code and has helped improve our software development methodology."

The breadth and volume of analysis data presented in the Scan Report on Open Source Software 2008 is unlike any other collection of code analysis data in existence, representing 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analyzed over 2 years.

The report also draws conclusions that may apply equally to open source and commercial software regarding the relationship between variables such as code base size, defect density, function length, Cyclomatic complexity and Halstead effort. In summary, the Scan Report on Open Source Software 2008 contains the following findings:

-- The quality and security of open source software is improving -- Researchers at the Scan site observed a 16% reduction in static analysis defect density over the last 2 years, which reflects the elimination of more than 8,500 individual defects -- Prevalence of specific defect types -- The report shows a clear distinction between the frequencies of defect types across the scan database. 'NULL pointer dereference' was the most common defect while 'Use before test of negative values' was the least common defect -- Average project function length and static analysis defect density -- Data in the report contradicts conventional wisdom, indicating that projects with large average function length are not prone to higher defect densities -- Cyclomatic complexity and Halstead effort -- Research indicates these two measures of code complexity are significantly correlated to code base size -- False positive results -- The average rate of false positives identified by open source developers on the Scan site is below 14%

Detailed data and analysis of these and other findings are available in the complete Scan Report on Open Source Software 2008, which is freely available for download in the research library at http://www.coverity.com/

"The use of open-source technologies to enhance and evolve commercial products has become a common strategy. Vendors will continue to leverage this movement by embedding open source into products, while end-user organizations will use stable open-source projects as a competitive differentiator against companies that refuse to acknowledge that open source is now enterprise-ready. By 2012, 80% or more of all commercial software will include elements of open- source technology," according to analyst Mark Driver in his recent Gartner report 'Open Source in Vendor Business Strategies, 2008,' published March 31, 2008.

Results of the Scan Report on Open Source Software 2008 will also be discussed during a complimentary webinar on Wednesday, May 21, 2008 by David Maxwell, Coverity's open source strategist. Registration is available at: http://w.on24.com/r.htm?e=107874&s=1&k=41E3686F9B655D193F894D4A844EBBC6

About the Scan site

The Scan site was developed by Coverity with support from the U.S. Department of Homeland Security as part of the federal government's 'Open Source Code Hardening Project'. The site divides open source projects into rungs based on the progress each project makes in resolving defects. Projects at higher rungs receive access to additional analysis capabilities and configuration options. Projects are promoted as they resolve the majority of defects identified at their current rung.

About Coverity

Coverity (http://www.coverity.com/), the leader in improving software quality and security, is a privately held company headquartered in San Francisco. Coverity's groundbreaking technology enables developers to control complexity in the development process by automatically finding and helping to repair critical software defects and security vulnerabilities throughout the application lifecycle. More than 450 leading companies including ARM, Phillips, RIM, Rockwell-Collins, Samsung and UBS rely on Coverity to help them ensure the delivery of superior software.

Coverity is a registered trademark, and Coverity Extend and Coverity Prevent are trademarks of Coverity, Inc. All other company and product names are the property of their respective owners.

Media Contacts Jim Shissler Director, Public Relations jshissler@coverity.com +1 415 694 5342 Steve Eisenstadt Page One Public Relations steve@pageonepr.com +1 (919) 781-8096

Coverity, Inc.

CONTACT: Jim Shissler, Director, Public Relations of Coverity, Inc.,
+1-415-694-5342, jshissler@coverity.com; or Steve Eisenstadt of Page One
Public Relations, +1-919-781-8096, steve@pageonepr.com, for Coverity, Inc.

Web site: http://www.coverity.com/

About PR Newswire
Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Dynatrace is an application performance management software company with products for the informatio...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...