The latest scan showed that the average defect rate for the 32 different open source projects tested has dropped to 0.231 per thousand lines of code at press time, compared to a baseline 0.434 across in early March, while some projects have managed to cut their defects down to zero.
There have been improvements across the LAMP (Linux, Apache, MySQL, PHP/Perl/Python) stack since San Francisco, California-based Coverity published its first results of its open source code analysis study as part of the three-year Vulnerability Discovery and Remediation Open Source Hardening Project.
The Linux kernel went from 1,062 defects to 782, and Apache from 32 to 24 for example, while PHP dropped from 204 to 42, Perl from 89 to 68, and Python from 96 to 14. Developers at the Amanda backup and recovery, Samba file and print server, XMMS (X Multimedia system), and OpenLDAP projects have been particularly hard at work, cutting their defect levels to zero.
Coverity calculates that open source developers fixed a software defect every six minutes in the week following the publication of Coverity’s initial analysis. The analysis was carried out as part of the Vulnerability Discovery and Remediation Open Source Hardening Project, which was announced in January.
The project is part of the Department of Homeland Security’s Science and Technology Directorate initiative to develop technologies to protect the nation’s telecommunication infrastructure and involves analysis carried out at Stanford University using Coverity’s Prevent Source code analysis tool.
