Government-Sponsored Static Analysis for Open Source
According to an article in InfoWorld, Coverity has been contracted over the last three years by the Homeland Security Agency to provide static code analysis for open source code tools. Way cool!
Worth noting:
- Government agencies are using enough open source code to make the contract worthwhile. This is additional confirmation of Thomas Friedman's observation (in The World Is Flat) of the commerce-changing impact of open source.
- The Coverity press release cites an estimate by Gartner that 80% of commercial tools will incorporate open source code by 2012.
- Open source coders are voluntarily submitting their code for analysis. Not surprising. I would want my code to be as robust as possible too, and would take advantage of such an opportunity.
- The submitted code gets a "grade" by being assigned to a rung. You could obviously use this in deciding whether or not to use the tool.
- The measured defect densities are decreasing. The effect illustrates the principle that people will put more effort into improving what they can measure. Other errors could be getting less attention as a result. However, I expect that the code genuinely is getting more robust overall.

1 Comment:
You can find a copy of Coverity's 2009 report at http://scan.coverity.com/report/Coverity_White_Paper-Scan_Open_Source_Report_2009.pdf. Interestingly enough, although most of the projects analyzed decreased their defect density, the defect density increased for a significant fraction of them.
By Jim Vellenga, at October 2, 2009 at 10:58 AM