Open Source Security Improving
Open-source software’s security is improving rapidly, according to an in-depth analysis of over 250 programs including major players such as Linux and Apache. Developed in conjunction with the United States Department of Homeland Security, Coverity’s Scan Report on Open Source Software 2008 analyzed about 55 million lines of code on a recurring basis. The two-year study was conducted as part of the United States government’s Open Source Hardening Project. This project was awarded about $1.24 million by the government in order to hunt for security bugs in free software.
Thus far, the study has reported a 16% reduction in “static analysis defect density” over the past two years, reflecting the elimination of more than 8,500 defects. The findings contradict the conventional idea that projects with longer function length are not prone to higher defect densities. An open-source strategist in the project said the results reflect “the commitment of open source developers to create software of the highest integrity.”
Although the data are derived specifically from open-source programs, the researchers believe the results apply to proprietary software as well. Information such as the relationships between code base size, defect density, function length, Cyclomatic complexity, and Halstead effort may lead to a better understanding of all types of software, open-source and commercially licensed alike.
Open-source software is rapidly improving its security capabilities, as well as providing helpful information for all domains of software. If you are interested in learning more, this website about open-source nonprofit software from the developers at Mpower Open can be of use.