OStatic

How good is open source software? Since the term "open source" was coined 10 years ago, many organizations have wondered whether open-source software can really stand up to its proprietary counterparts. After all, does it really make sense that a bunch of programmers, many of whom are unpaid, could produce code that is reliable enough for mission-critical tasks?

The answer, it turns out, is "yes" -- but you don't have to take my word for it, or look only to the positive experiences that many businesses have had over the years. Coverity, a company that sells software to analyze the quality of source code, announced earlier this week that it had analyzed 250 open source projects. The results are encouraging: Coverity found that open-source code has a small number of defects. But even better, Coverity found that the number of defects has declined over time, meaning that with each passing year, open source programs become more reliable.

It goes without saying that any automatic code-analysis tool can only do so much; even if Coverity's tool were to find no problems, there might well be defects lurking in the dark. And Coverity only performs "static analysis", meaning that we cannot even expect to find certain types of bugs. Even so, the fact that Coverity found a relatively low number of defects shows that open source software is of generally high quality -- an indication that the social pressure to create high-quality programs not only exists in the open source world, but also has demonstrable effects.

To me, the fact that programs have improved, reducing the number of defects, is the most important and interesting part of this report. This means that open source developers are interested not only in creating high-quality code, but also in improving and maintaining the code that they have already created.

Part of this push for improvement might well come from the growing push for high-quality testing, and even "test-directed development," within the general world of software, and the open-source world in particular. The Ruby community, and particularly the core developers of Ruby on Rails, are famous for including and using tests. The Rails core team even says that patches (i.e., fixes) sent to them without an accompanying test will be discarded. This culture of high-quality, testable code is becoming increasingly prevalent among open source developers, and might well be helping to drive down the number of defects Coverity found.

• rails
• testing
• quality
• ruby