The pillar of most open source applications is the ubiquitous LAMP -- Linux, Apache, MySQL, and Perl/PHP/Python stack. According to results of a Coverity study, the LAMP stack has fewer code defects than a baseline of 32 open source software projects.

According to results of a Coverity study, the LAMP stack has fewer code defects than a baseline of open source software projects (32).

MySQL and Perl had the lowest defect rates in the LAMP stack, whereas Python and PHP had higher rates of defects. Last year, Coverity did an analysis of MySQL showing that its defect rate was approximately 1/4th of comparable closed source software.

Ben Chelf, Coverity's CTO, commented that he wasn't surprised with the defect distribution shown by the new analysis."The average defect density was probably about where we thought it would be," Chelf told internetnews.com.Chelf was surprised, however, by the performance of the Perl language."Of the LAMP stack, Perl had the best defect density well passed standard deviation and better than the average, Chelf said. Chelf also added that the scan detects specific defect classes that are tagged as security vulnerabilities. Those defects have to do with the way an application handles tainted data coming in from the outside, essentially making sure that an application does the "right thing" with data that is input via a keyboard or over a packet.Identifying issues also isn't the only goal of the effort; according to Chelf the identified defects are actionable."Measuring code is good. Fixing code is better," Chelf said. "I think that's the big next step, working with the maintainers of these projects and saying 'hey this data is available and let's talk about how to fix the problems.'"

Source: 1, 2

Prashanth Rai