The popular Lamp stack of open-source software
applications has a lower bug count than other open-source software
products.
Research conducted on behalf of the US Department of Homeland
Security by code research specialist Coverity has helped establish
a new baseline metric for software quality and security.
To help establish this baseline metric, Coverity analysed more
than 17.5m lines of source code using the latest research from
Stanford University's Computer Science department.
The Lamp stack, consisting of Linux, Apache, MySQL, and
Perl/PHP/Python, showed significantly better software quality
than the baseline, with an average of 0.290 defects per
thousand lines of code.
This compares with an average of 0.434 defects per thousand lines
of code across the 32 open-source software projects analysed.
The Coverity analysis is the first public result arising from a
contract with the Department of Homeland Security to improve the
security and quality of software on the market.
The three-year contract, called the "Vulnerability Discovery and
Remediation Open Source Hardening Project", includes research on
the latest source code analysis techniques developed by Coverity
and Stanford computer scientists.
"One of the goals of our research on software quality and
security is to define a baseline so that people can measure
software reliability in both open-source and proprietary software
projects," said Ben Chelf, Coverity chief technology officer.
An updated table of summary results and access to the database
of defects is available at
http://scan.coverity.com.