Open source software makes security gains
Added by The Editor, 5 months ago.
Open source software is becoming more secure, with the number of errors and security holes falling 16 per cent in two years, new research has found.
The study, commissioned by the US Department of Homeland Security and carried out by software firm Coverity, looked for defects and vulnerabilities in open-source projects using analytical tools which automatically detected various common errors in source code.
In total, 55 million lines of code were analysed. Researchers found 0.25 errors per 1,000 lines of code, a 16 per cent fall on the 0.3 errors found only two years ago.
"These findings represent an overall reduction of static analysis defect density across 250 open-source projects of a total of 23,068 individual defects," the report says. It lists 'null pointer dereference' and 'resource leaks' as the two most common errors found in projects today.
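To show what those two defect classes look like in practice, here is a constructed C snippet (added for illustration; not taken from the report or from any of the projects it analysed) with a defect-laden parser beside a corrected one. The function names and the "key=value" input format are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Both functions return the length of the value in a "key=value" entry,
 * or -1 on error. The first one carries the two defect classes the report
 * names; the second shows the corrected version. (Constructed example.) */

/* Defective: strchr() returns NULL when '=' is absent, and the early
 * return leaves the heap buffer unfreed. A static analyser flags both. */
int value_len_defective(const char *entry) {
    char *copy = malloc(strlen(entry) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, entry);
    char *eq = strchr(copy, '=');
    if (*eq == '\0') {          /* NULL pointer dereference if no '=' */
        return -1;              /* resource leak: copy is never freed */
    }
    int len = (int)strlen(eq + 1);
    free(copy);
    return len;
}

/* Corrected: the pointer is checked before use, and a single exit path
 * guarantees the buffer is released whatever the input looks like. */
int value_len_fixed(const char *entry) {
    if (entry == NULL) return -1;
    char *copy = malloc(strlen(entry) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, entry);
    int len = -1;
    char *eq = strchr(copy, '=');
    if (eq != NULL) {           /* guard the dereference */
        len = (int)strlen(eq + 1);
    }
    free(copy);                 /* always reached: no leak */
    return len;
}
```

Only the corrected function is safe to call on input lacking an '='; the defective one is kept to show the pattern an analyser reports.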
As well as the average number of defects falling, it was also found that some projects managed to reduce defect density to zero. Perl, PHP and Samba were all noted by the company as performing particularly well and having an extremely low defect density.
Perhaps the most interesting possibility for automated defect analysis is a comparison between open source and commercial code, which could finally settle the debate over which is more secure, although Coverity explained that this is unlikely to happen in the near future.
"Many developers have an opinion about the differing quality and security of open source versus commercial software, and a number of theories have been hypothesised to justify the superiority of one class of code over another," the report says. However, comparing the two classes of code was not possible within the context of this report, say researchers, primarily due to the difficulty in obtaining comparable datasets.
Comments
There are currently 2 comments about this blog.
John Papworth, 5 months ago
This does make sense, as more people are able to look at open source code [... and therefore correct it], and for open source to work, code has to be inherently clear and concise.
Victoria, 5 months ago
I'm not surprised the researchers found it hard to get any comparison data, as I can’t imagine many firms would want their commercial code to be scrutinised. Open source software encourages engineers to strive for greater accuracy and improvements in software design. In this IT market at least, James Surowiecki's theory about 'the wisdom of crowds' certainly seems to hold true.