Is open source software more or less prone to show-stopping bugs than proprietary alternatives?
The answer is likely 'it depends', but both arguments have been put forward forcefully online in the wake of the Heartbleed bug in the OpenSSL code library, which went undiscovered by the open source community for two years.
One firm that has been poring over open source and proprietary code looking for such defects for years is Coverity.
This year, for the first time, the company found the open source code it looks at had a lower density of defects than the proprietary code examined by its tools.
Coverity looks at the code base of more than 1,500 open source projects, with the largest being NetBSD, FreeBSD, LibreOffice and the Linux kernel, as well as scrutinising various Java projects such as Apache Hadoop, HBase, and Cassandra. Coverity doesn't reveal which proprietary code scans are used as a comparison, but the firm's customers include Microsoft, SAP and RSA.
The testing house found that as code bases grew in size, so did the number of defects per thousand lines of code, but that this growth was slower in C and C++ open source code bases than in their proprietary counterparts.