translated

linuhap 2014-05-15 14:53:59 +08:00
parent 218710637b
commit 8e576c2ff0
2 changed files with 47 additions and 48 deletions

@ -1,48 +0,0 @@
linuhap翻译中
Coverity scan report finds open source software quality outpaces proprietary code for first time
================================================================================
![](http://www.ciol.com/IMG/550/80550/synopsys-logo-370x264.jpg)
**Coverity opens up access to free development testing service, allows anyone interested in open source software quality to view projects**
Features | CIOL Bureau
MOUNTAIN VIEW, USA: Coverity Inc., a Synopsys company released the 2013 Coverity Scan Open Source Report.
The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date.
For the 2013 Coverity Scan Report, the company analyzed code from more than 700 open source C/C++ projects as well as an anonymous sample of enterprise projects. In addition, the report highlights analysis results from several popular, open source Java projects that have joined the Scan service since March 2013.
The Coverity Scan Open Source Report has become a widely accepted standard for measuring the state of open source quality. During the past eight years, the Coverity Scan service has analyzed several hundreds of millions of lines of code from more than 1,500 open source projects - including C/C++ projects such as NetBSD, FreeBSD, LibreOffice and Linux, and Java projects such as Apache Hadoop, HBase and Cassandra.
The Scan service has helped developers find and fix more than 94,000 defects since 2006. Nearly 50,000 defects were fixed in 2013 alone - the largest single number of defects fixed in a single year by Scan users. More than 11,000 of these defects were fixed by the four largest projects in the service: NetBSD, FreeBSD, LibreOffice and Linux.
### Key findings in the 2013 report include: ###
* Open source code quality surpasses proprietary code quality in C/C++ projects. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality, and a defect density of 1.0 is considered the accepted industry standard for good quality software.
Coverity's analysis found an average defect density of .59 for open source C/C++ projects that leverage the Scan service, compared to an average defect density of .72 for proprietary C/C++ code developed for enterprise projects. In 2013, code quality of open source projects using the Scan service surpassed that of proprietary projects at all code base sizes, which further highlights the open source community's strong commitment to development testing.
* Linux continues to be a benchmark for open source quality. By leveraging the Scan service, Linux has reduced the average time to fix a newly detected defect from 122 days to just 6 days. Since the original Coverity Scan Report in 2008, scanned versions of Linux have consistently achieved a defect density of less than 1.0. In 2013, Coverity scanned more than 8.5 million lines of Linux code and found a defect density of .61.
* C/C++ developers fixed more high-impact defects. The Coverity analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects.
Java project developers participating in the Scan service only fixed 13 percent of the identified resource leaks, whereas participating C/C++ developers fixed 46 percent. This could be caused in part by a false sense of security within the Java programming community, due to protections built into the language, such as garbage collection. However, garbage collection can be unpredictable and cannot address system resources so these projects are at risk.
* HBase serves as benchmark for Java projects. Coverity analyzed more than 8 million lines of code from 100 open source Java projects, including popular Big Data projects Apache Hadoop 2.3 (320,000 lines of code), Apache HBase (487,000 lines of code) and Apache Cassandra (345,000 lines of code).
Since joining the Scan service in August 2013, Apache HBase - which is Hadoop's database - fixed more than 220 defects, including a much higher percentage of resource leaks compared to other Java projects in the Scan service (i.e., 66 percent for HBase compared to 13 percent on average for other projects).
"If software is eating the world, then open source software is leading the charge," said Zack Samocha, senior director of products for Coverity. "Our objective with the Coverity Scan service is to help the open source community create high-quality software. Based on the results of this report - as well as the increasing popularity of the service - open source software projects that leverage development testing continue to increase the quality of their software, such that they have raised the bar for the entire industry."
Coverity also announced today that it has opened up access to the Coverity Scan service, allowing anyone interested in open source software to view the progress of participating projects. Individuals can now become Project Observers, which enables them to track the state of relevant open source projects in the Scan service and view high-level data including the count of outstanding defects, fixed defects and defect density.
"We've seen an exponential increase in the number of people who have asked to join the Coverity Scan service, simply to monitor the defects being found and fixed. In many cases, these people work for large enterprise organizations that utilize open source software within their commercial projects," added Samocha. "By opening up the Scan service to these individuals, we are now enabling a new level of visibility into the code quality of the open source projects, which they are including in their software supply chain."
--------------------------------------------------------------------------------
via: http://www.ciol.com/ciol/features/213112/coverity-scan-report-source-software-quality-outpaces-proprietary-code/page/1
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

@ -0,0 +1,47 @@
Coverity扫描报告首次发现开源软件质量超过专有软件
================================================================================
![](http://www.ciol.com/IMG/550/80550/synopsys-logo-370x264.jpg)
**Coverity开启了免费开发服务允许任何对开源软件质量感兴趣的人查看项目**
特点 | CIOL Bureau
来自美国山景城加州的消息Coverity公司新思科技公司的一个子公司发布了2013年Coverity扫描开源软件报告。
经过Coverity扫描服务以及按照Coverity开发测试平台的商业惯例报告中详细说明了关于7.5亿行开源软件代码的分析,这是至今报告研究的最大的样本量。
在2013年Coverity扫描报告中他们分析了超过700个C/C++开源项目和一个匿名的企业项目的样本。另外报告中还强调了几个流行的开源Java项目的分析结果这些项目从2013年3月就加入了扫描服务。
Coverity扫描开源项目报告成为了一个衡量开放源代码质量状态的广泛接受的标准。在过去8年时间里Coverity扫描服务分析了超过1500个开源项目的数亿行代码——其中包括的C/C++项目中有NetBSD, FreeBSDLibreOffice和Linux等Java项目中有Apache HadoopHBase以及Cassandra等。
自2006年已来扫描服务帮助开发者发现和修复了超过94,000缺陷。近50,000缺陷是仅在2013年一年修复的——这是扫描服务的用户在一年中修复缺陷的最大数量。在这些缺陷中其中有超过11,000的缺陷修复于服务中四个最大的项目NetBSDFreeBSDLibreOffice和Linux。
### 2013年报告中关键发现包括 ###
* C/C++项目中开源软件代码质量超过专有软件。缺陷密度每1,000行软件代码所含的缺陷是一个通用的测量软件质量的方法缺陷密度1.0被认为是高质量软件的公认的行业标准。
Coverity的分析中发现扫描服务中的开源的C/C++项目的平均缺陷密度为 .59而为企业项目开发的专有C/C++代码的缺陷密度为 .72。在2013年在所有不同大小的代码库中扫描服务中的开源项目的代码质量超过专有项目这进一步强调了开源社区开发测试的坚定的承诺。
* Linux继续成为开源质量的基准。通过利用扫描服务Linux将修复一个新发现的缺陷的时间从122天减少到仅6天。从2008年第一个Coverity扫描报告发布后扫描过的Linux版本的缺陷密度一直小于1.0。在2013年Coverity扫描了超过850万行Linux代码并发现缺陷密度为 .61。
* C/C++开发者修复了更多的高风险缺陷。Coverity分析报告发现贡献于开源Java项目的开发者修复的高风险缺陷的数量没有贡献于开源C/C++项目的开发者修复的多。
参加扫描服务的Java项目开发者只修复了百分之13的经鉴定的资源泄露而C/C++项目开发者修复了百分之46。这一方面可能是因为Java编程社区错误的安全感的原因这种安全感是因为内建于语言的保护比如垃圾收集。然而垃圾收集不可预测的而且不能访问系统资源所以这些项目处于危险之中。
* HBase是Java项目的基准。 Coverity分析了100个开源Java项目的超过800万行代码包括流行的大数据项目Apache Hadoop 2.3 (320,000 行代码)和Apache Cassandra (345,000 行代码)。
自从在2013年8月加入扫描服务以来Apache HBase——Hadoop的数据库——修复了超过220个缺陷其中包括比其他参加扫描服务Java项目更高比例的资源泄露HBase的缺陷中资源泄露占的比例为66%而其他项目平均为13%)。
“如果说软件正在吞食世界那么开源软件则是带头冲锋”Coverity的产品高级总监Zack Samocha说“我们的目标包括Coverity扫描服务在内是帮助开源软件社区创作高质量的软件。基于这个报告的结果——以及这个日益流行的服务——使用开发测试的开源软件项目继续提升他们软件的质量这让他们使整个行业更上一层楼。”
Coverity今天也宣布已经开放了Coverity扫描服务允许任何对开源软件感兴趣的人查看参与项目的进展。个人现在可以成为项目观察者这使他们可以跟踪扫描服务中相关开源软件的状态查看高级数据包括未解决和已修复的缺陷的数目以及缺陷密度。
“我们看到了请求扫描服务的人数的指数增长他们仅仅是要监控被发现和被修复的缺陷。在许多情况下这些人工作于大型的企业组织那些企业组织在商业项目中使用开源软件”Samocha补充说。“通过对个人开放扫描服务我们提升了查看开源项目代码质量的新的可见度他们的软件供应链中正包含这些项目。”
--------------------------------------------------------------------------------
via: http://www.ciol.com/ciol/features/213112/coverity-scan-report-source-software-quality-outpaces-proprietary-code/page/1
译者:[linuhap](https://github.com/linuhap) 校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
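
Review bot: the HBase bullet in the added translation loses and changes figures from the source. The line beginning "* HBase是Java项目的基准" lists only Apache Hadoop 2.3 and Apache Cassandra, while the removed English text also lists "Apache HBase (487,000 lines of code)"; please restore that item. The following line renders the 66 percent as the share of resource leaks among HBase's defects ("HBase的缺陷中资源泄露占的比例为66%"), but the source gives 66 percent versus 13 percent as the proportion of resource leaks that were fixed, matching the 13 percent fix rate quoted two lines earlier; suggest wording along the lines of "HBase修复了66%的资源泄露,而其他项目平均为13%". Two smaller points in the same hunk: "不能访问系统资源" translates "cannot address system resources" as "cannot access", where the source means garbage collection does not handle them, and "自2006年已来" should read "以来".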