
The quality of Open Source code has for the first time surpassed the quality of proprietary C/C++ code

Yesterday, The Linux Foundation announced the launch of the Core Infrastructure Initiative (CII), a project to provide financial support to struggling Open Source projects such as OpenSSL, which in recent years has lived on about $2,000 a year in donations.

In its official press release, The Linux Foundation stresses that the need for financial support has nothing to do with poor quality of open source code; quite the opposite. Free software surpasses proprietary software in code quality and security. In support of this, The Linux Foundation cites the latest Coverity Scan study, whose results were published on April 15, a week after the Heartbleed bug was disclosed.

The timing of the publication could hardly have been worse. Everyone was busy discussing how such a bug got into open source code and how to prevent it in the future. There is still no answer. Perhaps the millions of dollars from CII will help solve the problem.

In this situation, it is important to understand that the quality of free and open source code genuinely and objectively exceeds the quality of proprietary code. Put simply, if the OpenSSL code had not been open, we might never have learned about this vulnerability.

Coverity continuously performs static analysis of the code of proprietary and open source projects, work commissioned by the US Department of Homeland Security. This work is regarded as a generally accepted benchmark for evaluating code quality.

The latest 2013 Coverity Scan Open Source Report is based on an analysis of 750 million lines of code from 741 Open Source projects in C/C++, including NetBSD, FreeBSD, LibreOffice and Linux, as well as an anonymous sample of proprietary enterprise software, also in C/C++.

The main conclusion is that, for the first time in the eight years of such studies, the code quality of free C/C++ projects exceeded that of proprietary projects. Taking the accepted standard of high quality as no more than 1 defect per 1,000 lines of code, the Coverity tools found 0.59 defects per 1,000 lines in open projects and 0.72 defects per 1,000 lines in proprietary projects.

“Open Source has outperformed proprietary software in projects of all sizes, which once again underlines the strong commitment of the open community to testing during development,” a Coverity press release said.

Returning to the CII initiative, The Linux Foundation explains that the problem is not low quality of Open Source code, but the increased complexity of software in recent years and the need to support more and more platforms. Additional resources are needed, and that is why the foundation is raising funding.

Source: https://habr.com/ru/post/220769/