Coverity Releases 2009 Coverity Scan Open Source Report


September 29, 2009


By Anamika Singh
TMCnet Contributor


Coverity, a software integrity provider, has released the 2009 Coverity Scan Open Source Report. The report is based on a public-private sector research project focused on open source software integrity, which was initiated by the U.S. Department of Homeland Security. The 2009 Coverity Scan Open Source Report analyzed nearly 11 billion lines of open source code from 280 open source projects over the last three years.


The Coverity open source integrity report is an objective presentation of open source code quality and defect data collected from the Coverity Scan service. The report helps to analyze coding and software integrity trends from popular open source packages, including Firefox, Linux, PHP, Ruby and Samba.

According to the report's key findings, the overall integrity, quality and security of open source software are improving. The Coverity Scan service measured a 16 percent reduction in static analysis defect density over the past three years among participating projects, and open source developers are actively improving software.

The report also says that since 2006, more than 11,200 defects in open source programs have been eliminated as a result of using the Coverity Scan service. Total developer support has increased with more than 180 projects having active developers scanning and fixing software defects discovered by Scan.

Also, in 2009, the number of Rung 1 certified projects increased 32 percent from 2008 and doubled on Rung 2 in the same time period. OpenPAM, Ruby, Samba and tor are the first projects to begin Coverity Integrity Rung 3 certification. Rungs are certification levels indicating high-integrity open source software.

"High-integrity open source software is critical, especially given Gartner's estimate that at least 80 percent of commercial software will contain open source code by 2012," said David Maxwell, Coverity open source strategist, in a release. "Coverity would like to thank all the open source teams and developers who participate in Coverity Scan. This report could not have happened without their support. Specifically, we applaud the OpenPAM, Ruby, Samba and tor teams for embarking on their Coverity Integrity Rung 3 certification."

The 2009 Coverity Scan Open Source Report covers topics like static analysis, open source projects participating in Coverity Scan, overall code improvements by participating projects, projects with most improved quality and how it was achieved, most commonly found defects, function length and defect density, and complexity metrics and defect density.

"The Coverity Scan service began as a public-private research partnership with the U.S. Department of Homeland Security to harden the integrity of open source code," added Andy Chou, chief scientist and co-founder of Coverity. "The Coverity Scan service is a key pillar of our strategy to help open source and commercial developers to continually improve the integrity of all software."
 

Anamika Singh is a contributing editor for TMCnet. To read more of Anamika's articles, please visit her columnist page.

Edited by Patrick Barnard

