Hey! Don't Criticize Open Source Code Over Quality

by Ostatic Staff - Apr. 18, 2014

There has probably never been a catalyst for criticism of open source development models as influential as the OpenSSL "Heartbleed" bug, but critics analyzing the problems that Heartbleed is causing should pay attention to a couple of recent reports. A few days ago, I posted the results of this year's Future of Open Source Survey, sponsored by Black Duck and North Bridge Venture Partners. It found that open source applications and platforms are providing higher quality than the proprietary competition. Now, the 2013 Coverity Scan Open Source report is out, and it also determined that open source code is higher in quality than proprietary code.

Coverity has analyzed the code quality issue before, and this is the first year that open source code has outdone proprietary. As The Var Guy notes:

"Coverity Scan analysis found that defect density—the number of defects per 1,000 lines of code—was 0.59 among the open source code it analyzed, compared to 0.72 for proprietary code. Put another way, that means the open source code in the sample had 22 percent fewer errors than its proprietary cousin."

That's nothing to shake a stick at. Meanwhile, The Future of Open Source Survey found that security and quality were for the first time among the most commonly cited reasons why enterprises favor open source software. In a 2007 report, 80 percent of those surveyed by Gartner researchers cited cost as the primary driver of their open source use, but the primary driver now appears to be quality.

There will still be people who blame problems like the Heartbleed bug on open source, but quality wins out in the end.