Open Source Code as Flawed as Proprietary: Study

CNET ^ | 2 July 03 | Stephen Shankland

[for-q-clinton]

Open source code as flawed as proprietary: Study By Stephen Shankland, CNET News.com Wednesday, July 2 2003 9:54 AM

The source code for a newer version of the Apache Web server software is of the same quality as that of proprietary competitors at a similar stage of development, a new study has found.

The review compared version 2.1 of the Apache Web server software, which is used to house Web sites, with several commercial packages that handle the same chores. Reasoning, a company whose business is analyzing code quality, compared the recently released version with code of competitors at a similar stage of development.

The study found 0.53 defects per thousand lines of code for Apache, compared with 0.51 for the commercial software, on average.

The comparable defect rate indicates that open-source software starts out as raw as proprietary software, but Reasoning said that ultimately open-source software has the potential to exceed proprietary software in quality. That's significant given the increasingly widespread use of open-source software such as Linux, OpenOffice desktop suite and the MySQL database.

"The open-source code seems to start at the same defect rate for early commercial code as well," Jeff Klagenberg, director of project management, said in an interview. "Over time, it can gain higher levels of quality. That appears to be because of the natural inspection process inherent in open source."

The earlier study praised Linux for the quality of the component that handles the TCP/IP networking that underlies the Internet and many home and corporate networks. That code had a defect rate of 0.1 per 1,000 lines of code and was a more mature section of code.

Reasoning next is studying Tomcat, an Apache module that lets Web servers run Java programs, said Tom Fry, Apache's director of marketing. The company plans to release that study in about two weeks, he said.

[for-q-clinton]

However, I would wager that people expend a comparable effort posting to Free Republic on company time than doing unauthorized open source development, simply because the pool of potential violators is about the same.

Why not use a closer analogy. Let's say you work at Ford Motor designing a new engine, but during work you talk to your buddies at Chevy and send them all the stuff you're working on.

Or to take the Freerepublic part of your post...compare that to guys at work talking around the water cooler or listening to the radio and calling in to win a prize.

[dark_lord]

What do you mean by changing the topic? I was just citing a well known quote regarding open source being "free". And I definitely did not attack you. I am not sure if you posted to the right person.

[dark_lord]

The original quote in full was: "Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."

I just looked it up, found it here

[dark_lord]

And what are you complaining about anyway? I agreed with your statement here with that quote. Are you so paranoid that you respond with attacks when people agree with you? Apparently.

[justlurking]

I gain the satisfaction of knowing that a small collection of bigots on FR will not go unchallenged when they claim that open source is superior to closed source.

I see. Well, I don't count myself among that group, because I don't think the issue has been conclusively settled either way. In another 10 years, maybe we will start to see, because there will be enough maturity among both to make a better evaluation.

What about the larger collection of bigots that claim closed source is superior to open source? And, do you count yourself among that group?

[justlurking]

Why not use a closer analogy. Let's say you work at Ford Motor designing a new engine, but during work you talk to your buddies at Chevy and send them all the stuff you're working on.

Ah, the SCO argument, which they have yet to prove. And they will find it difficult to do so, since they have been distributing their own open source product with the allegedly violating code in it.

The SCO strategy is little more than a pump and dump scheme -- you are seeing the "pump" now. The market will figure it out soon: the only question is whether the perpetrators get sued into oblivion or go to jail for fraud.

[justlurking]

If you wish to leave a parting shot like JustLurking did, go ahead and make yourself look the fool.

Tsk, tsk. You broke your promise.

[gore3000]

The release rate of patches is about the same.

The problem would seem to be in selecting the patches to apply.

Even when it is true that the release of patches is about the same, you still do better getting open source. Here's why - any software that has just been released will have bugs. If you get open source though, you can always choose between the newest release or an older, still supported 'stable' release which will have the patches in it already. With Microsoft at least you get the initial release regardless of whether you buy it the day it comes out or two years later. Then it is you who has to spend hours (days?) patching the darn thing. In addition, MS has the habit of ceasing to sell software when it has matured. It will push a new release on everyone which just starts a new round of bugs, patches, etc.

[stig]

So from a business stand point I can pay for buggy closed source code or I can down load the equivalent (ie. just as buggy) open source and run that for free. Now if I choose open source I have the added benefit that if a paying customer wants it fixed ASAP I can go into the source code and make the change. With closed source I'm at the mercy of company release cycles.

[for-q-clinton]

What do you mean by changing the topic? I was just citing a well known quote regarding open source being "free". And I definitely did not attack you. I am not sure if you posted to the right person.

You're doing the same thing that justlurking did (although not nearly as obvious). Everyone is aware of what FREE means, so whenever a discussion comes up that makes OSS not look so good Linux geeks argue the definitions of words. I'm not going to get dragged into a definition contest. I have a dictionary and I know what words mean. I'm not saying you attacked me, sorry if you took it that way. It's what justlurking did, so I was anticipating an attack after the definition contest was over. I was just difussing what I believed to be a soon to be attack on me by telling everyone the tactic.

In fact, just look at Lurker. He's claiming I broke my rule. I said I wouldn't discuss it with him anymore. He knew he was lying so he just left a link, hoping people wouldn't actually read it. Here's what I said, "Now if you don't have anything better to do than critic posts please stop replying to me. I know I will not be replying to anymore of your nonsensical posts."

After a round with suck a person, I felt it was wise to avoid going down that road again.

As I said if you think I was accusing you of a personal attack on me--I'm sorry.

[for-q-clinton]

You should read some of the posts from Golden Eagle on the developer's perspective.

You see a cash cow for yourself in OSS. You stated it was FREE. As seen earlier, you need to define what you mean by that, because you're comparing it to paying for closed source, so I assume you mean it came without cost. Well, you just admitted in your post it isn't *free* for the users that can't fix the code because they have to pay you to get it fixed. So really what you're saying is, you want to get the money instead of other people. Nothing wrong in being greedy...it's what makes capitalism work. Just need to be upfront about it. For me, I think I'd rather dump my money into closed source where I can get cheaper support, but have to pay for the product up front.

[for-q-clinton]

I forgot to put emphasis in the quote, so other's could pick up on it.

Me to JustLurking: "I know I will not be replying to anymore of your nonsensical posts"

So either he's an idiot or he's purposely posting nonsensical posts and admitting to it.

I'll let the readers decide.

[for-q-clinton]

And for some of the obtuse Linux evangelists, here's the definition of nonsensical that I was using: http://www.bartleby.com/62/76/N1037600.html

Enjoy :-)

[Dominic Harr]

:-D

There's an echo in here. Or I'm hearing this thread in stereo.

[Bush2000]

I see. Well, I don't count myself among that group, because I don't think the issue has been conclusively settled either way. In another 10 years, maybe we will start to see, because there will be enough maturity among both to make a better evaluation.

Those of us who study software engineering don't need to wait that long. The results are conclusive enough now that neither approach is better.

What about the larger collection of bigots that claim closed source is superior to open source? And, do you count yourself among that group?

I don't think that either approach is better. They're merely different. I simply don't like it when people make blanket statements about the superiority of one methodology over another. Because they simply don't know what they're talking about.

[Bush2000]

There's an echo in here. Or I'm hearing this thread in stereo.

"Run, Forrr-rest! Run!"

[xm177e2]

What the heck is a "defective" line of code, and how do they know it is like that? Did they go through all the code in Apache and examine it ... for something?

They probably took the # of known bugs / lines of code.

[Cacique]

this might interest you

[lelio]

Bottom line is, there is no complete security solution for Linux. Only your reliance upon "a loosely-knit group of hackers from around the net".

As opposed to ... what? Microsoft? There's already hotfixes out for their just released SP4.