Free and open source software such as Firefox, LibreOffice, and Linux is enjoying increasingly widespread adoption on business and home computers, but every once in a while some naysayer will still raise one vague concern or another about open source quality in particular.
“You get what you pay for,” these detractors often like to say.
It’s all about FUD, of course, and a new report from developer testing firm Coverity helps confirm that.
In its 2011 Coverity Scan Open Source Integrity report, which was released on Thursday, Coverity actually found that open source code had fewer defects per thousand lines of code than proprietary software code.
“The line between open source and proprietary software will continue to blur over time as open source is cemented into the modern software supply chain,” noted Zack Samocha, Coverity project director for the scanning project.
Originally started by Coverity with the US Department of Homeland Security in 2006, Project Scan is the largest public-private sector research effort focused on the integrity of open source software, Coverity says.
This year’s analysis included more than 37 million lines of open-source software code and more than 300 million lines of proprietary software code from a sample of anonymous Coverity users.
To conduct its analysis, Coverity used a testing platform that was upgraded this year with the ability to find more types of new and existing defects in software code, the company says.
Linux 2.6 stands out
Among Coverity’s findings was that in proprietary codebases, which averaged 7.5 million lines of code, the average number of defects per thousand lines of code was 0.64.
This may seem quite small, but in open source software the figure was even smaller. Specifically, with an average open source project size of 832,000 lines of code, the average defect density was 0.45 defects per thousand lines of code.
Where the codebases were similar in size, the quality of open-source code was roughly equivalent to the quality of proprietary code, Coverity found. Linux 2.6, for example – a project with almost 7 million lines of code – had a defect density of 0.62, which is still slightly better than that of its proprietary code base counterparts.
Among open source projects, Linux 2.6, PHP 5.3 and PostgreSQL 9.1 can be used as industry benchmarks, the company said, with defect densities of 0.62, 0.20 and 0.21, respectively.
That’s not to say that open source software is always the best solution for every purpose. When it comes to choosing new software, however, quality is one of open source’s many strengths, not a liability.