DHS Program Helps Reduce Open Source Defects

Two years into the effort, new report sheds light on how effective your tax dollars have been at improving open source security.




Nearly two and a half years ago, the U.S. Department of Homeland Security (DHS) issued a multi-year grant to help improve open source code quality. It appears the DHS investment has paid off.

According to a report from code analysis vendor Coverity, the DHS-sponsored effort has helped to reduce "defect density" in 250 open source projects by 16 percent over the past two years. That defect reduction translates into the elimination of more than 8,500 defects.

The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure both in the government and in U.S. enterprises.

"The improvement of project defect density is such that when we started the effort they were at 0.30 defects per thousand lines of code and now they are down to on average 0.25 defects per thousand lines of code," David Maxwell, open source strategist for Coverity, told InternetNews.com. "I know that feels like a small percentage change, but when it's over 55 million lines of code it adds up."

Coverity, the code analysis vendor behind the report, runs its scanning tools against the participating open source projects to identify coding errors.

While many projects have benefited from running the DHS-sponsored Coverity scan, not all have actually managed to reduce their defects.

"There is a graph in the report that shows some projects have significant improvements and some that haven't been actively using the results from the scan actually have increased in defect density," Maxwell said.

The report graph that was provided to InternetNews.com doesn't fully reveal which projects did not improve. The report, however, did identify Perl, PHP, Python, Postfix, Samba and TCL among the projects that have been able to reduce their code defect densities by using data from the Coverity scans.

This article was first published on InternetNews.com.
