Nearly two and a half years ago, the U.S. Department of Homeland Security
(DHS) issued a multi-year grant to help improve open source code quality. It appears
the DHS investment has paid off.
According to a report from code analysis vendor Coverity, the DHS-sponsored
effort has helped to reduce “defect density” in 250 open source projects
by 16 percent over the past two years. That defect reduction translates into
the elimination of more than 8,500 defects.
The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure both in the government and in U.S. enterprises.
“The improvement of project defect density is such that when we started the
effort they were at 0.30 defects per thousand lines of code and now they are
down to on average 0.25 defects per thousand lines of code,” David Maxwell,
open source strategist for Coverity, told InternetNews.com. “I know
that feels like a small percentage change, but when it’s over 55 million code
it adds up.”
Coverity is a code analysis vendor and runs its scanning tools on the
included open source projects to identify coding errors.
While many projects have benefited from running the DHS-sponsored Coverity
scan, not all have actually managed to reduce their defects.
“There is a graph in the report that shows some projects have significant
improvements and some that haven’t been actively using the results from the
scan actually have increased in defect density,” Maxwell said.
The report graph that was provided to InternetNews.com
doesn’t fully reveal which projects did not improve. The report, however, did identify Perl, PHP,
Python, Postfix, Samba and TCL among the projects that have been able to
reduce their code defect densities by using data from the Coverity scans.