REPORT: Open Source Software on Par With Proprietary Code Software

Posted by · February 23, 2012 12:34 pm

In January 2011, research analysts at Gartner estimated that by 2016, open source software will be included in 99% of all mission critical software used by Global 2000 enterprise companies. With this finding, it became increasingly clear that the line between open source and proprietary code is blurring and will eventually become obscure. Thus, the work that development testing companies like Coverity are doing through their Coverity Scan project is vital to ensuring that secure, quality open source code is produced—whether it is used for commercial purposes or stays within the open source community.

Since starting the Scan project in 2006, Coverity has worked with over 300 open source projects—including Linux, PHP, Apache, Firefox and Android—to scan and test code during the software development process. Earlier today, Coverity Scan released their 2011 Open Source Integrity Report, which contained some good news for commercial software companies and open source developers alike. Not only was the quality of open source and proprietary code studied by Coverity Scan better than the software industry average, but code quality from the open source community was found to be on par with its proprietary counterpart—particularly with codebases of similar size.

For the report, Coverity Scan researchers analyzed over 37 million lines of open source code from 45 different projects and over 300 million lines of proprietary code from 41 proprietary codebases. In addition, researchers gave Linux, PHP and PostgreSQL a detailed examination and found the three open source projects to be “model citizens.” According to the report: “(Linux, PHP and PostgreSQL) are best-practices examples of how adopting development testing via static analysis can help drive and improve quality in open source software over time… Linux 2.6, PHP 5.3, and PostgreSQL 9.1 are recognized as open source projects with superior code quality and can be used as industry benchmarks.”

To be fair, the findings from the Coverity Scan report aren’t earth-shattering. I think we all know that development projects benefit when those working on the project are committed to software quality and the adoption of development testing as part of their workflow. However, the report serves as a good reminder to active open source communities to make sure that they are incorporating static analysis and other quality control measures into their processes. It also serves as yet another reason for the commercial software development industry to stop being so afraid of open source projects. In fact, commercial companies would benefit from embracing the open source community.

You can download the full Coverity Scan Open Source Integrity Report here. And if any of you commercial developers have successfully integrated open source into your software supply chain, let us know how the process went in the comments section below.

For all you Windows users who might want to try out Linux (one of Coverity’s “model open source citizens”) without the worry, check out Experts Exchange Expert JohnGerhardt’s article on WUBI.