Download our in-depth report: The Ultimate Guide to IT Security Vendors
Nearly two and a half years ago, the U.S. Department of Homeland Security (DHS) issued a multi-year grant to help improve open source code quality. It appears the DHS investment has paid off.
According to a report from code analysis vendor Coverity, the DHS-sponsored effort has helped to reduce "defect density" in 250 open source projects by 16 percent over the past two years. That defect reduction translates into the elimination of more than 8,500 defects.
The report on the benefits of the DHS open source security efforts comes at a time when open source software is increasingly becoming part of critical infrastructure both in the government and in U.S. enterprises.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i "The improvement of project defect density is such that when we started the effort they were at 0.30 defects per thousand lines of code and now they are down to on average 0.25 defects per thousand lines of code," David Maxwell, open source strategist for Coverity, told InternetNews.com. "I know that feels like a small percentage change, but when it's over 55 million code it adds up."
Coverity is a code analysis vendor and runs its scanning tools on the included open source projects to identify coding errors.
While many projects have benefited from running the DHS-sponsored Coverity scan, not all have actually managed to reduce their defects.
"There is a graph in the report that shows some projects have significant improvements and some that haven't been actively using the results from the scan actually have increased in defect density," Maxwell said.
The report graph that was provided to InternetNews.com doesn't fully reveal which projects did not improve. The report, however, did identify Perl, PHP, Python, Postfix, Samba and TCL among the projects that have been able to reduce their code defect densities by using data from the Coverity scans.