Coverity, a software engineering company that provides automated source code analysis tools, has released the 2008 edition of its Open Source Report, a research paper analyzing the quality and security of open source code.
The report, based on data from the Coverity Scan project, shows a 16% reduction in static analysis defect density across 250 popular open source projects over a two-year period.
The report says that:
- The overall quality and security of open source software is improving – Researchers at the Scan site observed a 16% reduction in static analysis defect density over the past two years
- Prevalence of individual defect types – There is a clear distinction between common and uncommon defect types across open source projects
- Code base size and static analysis defect count – Research found a strong, linear relationship between these two variables
- Function length and static analysis defect density – Research indicates static analysis defect density and function length are statistically uncorrelated
- Cyclomatic complexity and Halstead effort – Research indicates these two measures of code complexity are significantly correlated with codebase size
- False positive results – To date, the rate of false positives identified in the Scan databases averages below 14%
Data from the report released a year ago showed that the participating open source projects had roughly one static analysis defect per 3,333 lines of code. The recent report states that the participating projects now have approximately one static analysis defect per 4,000 lines of code, a decrease of about 16% (from roughly 0.30 to 0.25 defects per thousand lines of code).