Feeds

Open and closed source software defects reloaded

Rhyme and Reasoning

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Open source and closed source software packages start out with roughly equivalent defect rates even though code inspection gives OS packages an edge over time.

That's the conclusion of a pair of studies by software tools vendor Reasoning.

In the first study, published in February, 2003, Reasoning found that the TCP/IP protocol stack implementation in version 2.4.19 of the open source Linux kernel has fewer defects than the protocol stacks of several commercial equivalents.

Reasoning found eight defects in 81,852 lines of Linux kernel source code - the fewest number of defects of the various implementations of TCP/IP inspected by the company as part of its study.

In a second study, published yesterday, Reasoning found the software quality of Apache v2.1 roughly on par with commercial Web server equivalents.

The defect density of the Apache code inspected was 0.53 per thousand lines of source code, while the commercial average defect density came to 0.51 per thousand lines of source code. In all 31 software defects were found in 58,944 lines of Apache v2.1.

Apache v2.1 is a less mature open source package than the Linux kernel reviewed in Reasoning's February study. Reasoning uses this factor to explain the discrepancy in findings between its two studies.

Reasoning concludes from its studies that "there is a correlation between code inspection/peer review and the resulting defect density".

Which is what common sense would have suggested in the first place.

Reasoning studies were derived from its automated software inspection services and used a "combination of proprietary technology and repeatable process". The company said that the results from its code inspection services are "objective and comparable across software applications, development methodologies, and coding styles".

The results of Reasoning's Apache V2.1 inspection can be obtained here. ®

Related Stories

Open and closed security are roughly equivalent
.NET 'more secure' than WebSphere
All bugs are created equal
Want to know the ten most critical web app vulnerabilities?

Secure remote control for conventional and virtual desktops

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?