Coverity, which has a contract with the U.S. Department of Homeland Security to investigate the defect rates in a number of free software projects, has announced
the availability of its first set of results. "The LAMP stack -- Linux, Apache, MySQL, and Perl/PHP/Python -- showed
significantly better software quality above the baseline with an average of
0.290 defects per thousand lines of code compared to an average of 0.434 for
the 32 open source software projects analyzed.
" A table of results
is available, with more details for those who register with the site. A quick glance shows a few projects with high bug rates (Amanda, Firebird, net-snmp, X) and others with quite low rates (gcc, openvpn, python, perl). On the other hand, ethereal shows a very low defect rate, which can be hard to square with the long list of security advisories from that project.
to post comments)