
Code Quality: Open Source vs. Proprietary

just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."
  • Re:Managed languages (Score:4, Informative)

    by Anonymous Coward on Wednesday April 16, 2014 @07:16PM (#46774869)

    Apparently you missed the crypto flaws in Android's Java crypto library from last year that exposed private keys. Apparently writing things in Java guarantees jack and shit.

  • Re:heartbleed (Score:5, Informative)

    by loom_weaver ( 527816 ) on Wednesday April 16, 2014 @07:41PM (#46775089)

    Disclaimer, I work for Coverity. There's a write-up on why Coverity didn't find it out of the box here:

    http://security.coverity.com/b... [coverity.com]

  • by ljw1004 ( 764174 ) on Wednesday April 16, 2014 @09:52PM (#46775951)

    They did examine heartbleed.

    http://ericlippert.com/2014/04... [ericlippert.com]

  • Re:Managed languages (Score:3, Informative)

    by Anonymous Coward on Wednesday April 16, 2014 @09:59PM (#46775997)
    The underlying bug was in the Android PRNG handling, not a flaw in OpenSSL.
  • Re:Not a surprise (Score:1, Informative)

    by Anonymous Coward on Thursday April 17, 2014 @02:20AM (#46776947)

    Sure you can. It's called binary patching. It's how people patch bugs in closed-source games.
    Yes, it's possible, you just need to ignore the license, use a decompiler, and single-step through the code, fixing and patching. The only problem is that you are fixing *your copy only*. Now you can continue to ignore the license and spread your copy around, or you can make a binary patch and spread that around (ignore the first instance of license violation by using a decompiler). The only other issue is that you may have to patch the next version of the software if the company doesn't fix the original (they don't necessarily recognise you as a developer or important), and if they catch you spreading patches or fixes, they will prosecute (read the license for more info). So yes, like cutting a slice out of a baked cake, you can do a 'binary patch', unlike those 'open source' patches, which are more like altering the ingredients list. Note also that your fix might be duplicated by dozens or hundreds of others.
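An added example of the binary-patch workflow the comment above describes (this is the editor's code, not the commenter's and not anything from Coverity or the linked articles): diff a fixed copy of a binary against the original into offset/old/new hunks, serialise the hunks as text so the patch rather than the copy can be shared, and have the patch refuse to apply to a later build where the bytes have moved, which is the "you may have to patch the next version" problem the commenter raises. The byte strings are constructed toy images, not real executables, and the `Hunk` format is an assumption for the demo.

```python
"""
Added example: producing and applying an in-place binary patch.

A patch is a list of (offset, old bytes, new bytes) hunks.  Applying it
verifies the old bytes first, so a patch made for one build refuses to
apply to a build where the code moved (the "next version" problem).
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Hunk:
    offset: int  # byte offset into the file image
    old: bytes   # bytes the patch expects to find there
    new: bytes   # bytes to write in their place (same length)


class PatchMismatch(Exception):
    """The target does not contain the bytes the patch expects."""


def make_patch(original: bytes, fixed: bytes) -> List[Hunk]:
    """Diff two equal-length images into a list of changed byte runs."""
    if len(original) != len(fixed):
        raise ValueError("in-place patches need equal-length images")
    hunks: List[Hunk] = []
    i, n = 0, len(original)
    while i < n:
        if original[i] == fixed[i]:
            i += 1
            continue
        start = i
        while i < n and original[i] != fixed[i]:
            i += 1
        hunks.append(Hunk(start, original[start:i], fixed[start:i]))
    return hunks


def apply_patch(target: bytes, hunks: List[Hunk]) -> bytes:
    """Return a patched copy of target; all-or-nothing on any byte mismatch."""
    buf = bytearray(target)
    for h in hunks:  # verify every hunk before touching anything
        end = h.offset + len(h.old)
        found = bytes(buf[h.offset:end])
        if found != h.old:
            raise PatchMismatch(
                f"offset {h.offset:#x}: expected {h.old.hex()}, found {found.hex()}"
            )
    for h in hunks:
        buf[h.offset:h.offset + len(h.new)] = h.new
    return bytes(buf)


def patch_applies(target: bytes, hunks: List[Hunk]) -> bool:
    """True if every hunk's expected bytes are present at its offset."""
    try:
        apply_patch(target, hunks)
        return True
    except PatchMismatch:
        return False


def format_patch(hunks: List[Hunk]) -> str:
    """Serialise as one 'offset: old -> new' line per hunk (hex) for sharing."""
    return "\n".join(f"{h.offset:#x}: {h.old.hex()} -> {h.new.hex()}" for h in hunks)


def parse_patch(text: str) -> List[Hunk]:
    """Inverse of format_patch."""
    hunks: List[Hunk] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        off, rest = line.split(":", 1)
        old, new = (s.strip() for s in rest.split("->", 1))
        hunks.append(Hunk(int(off, 16), bytes.fromhex(old), bytes.fromhex(new)))
    return hunks


# Constructed sample images (assumed for the demo, not real executables).
# The buggy build has a 'jz' (0x74) where the fix wants 'jnz' (0x75); the
# "next build" has one extra byte inserted before it, so later offsets shift.
BUGGY_BUILD = bytes.fromhex("7f454c46" "3d01000000" "7405" "b801000000" "c3")
FIXED_BUILD = bytes.fromhex("7f454c46" "3d01000000" "7505" "b801000000" "c3")
NEXT_BUILD = bytes.fromhex("7f454c46" "90" "3d01000000" "7405" "b801000000" "c3")


if __name__ == "__main__":
    hunks = make_patch(BUGGY_BUILD, FIXED_BUILD)
    print(format_patch(hunks))                            # 0x9: 74 -> 75
    print(apply_patch(BUGGY_BUILD, hunks) == FIXED_BUILD)  # True
    print(patch_applies(NEXT_BUILD, hunks))               # False: code moved
```

The verify-then-write order matters: a patch that writes hunk by hunk and fails halfway leaves a half-patched binary, and a patch that skips verification silently corrupts a build whose code has shifted, which is exactly what happens when the vendor ships the next version without the fix.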
