Defective software costs the $180 billion U.S. software market $60 billion every year. SourceNinja says that recent data shows 70 percent of internally developed software is tested for bugs, but only 35 percent of third party code is tested.
It adds that “As software size and complexity increase, reliance upon open source third party libraries is becoming commonplace. Software is no longer all developed from scratch, but is a combination of private and publicly available code.”
Coverity recently performed static analysis of the Android kernel and found many defects that carried a medium to severe risk:
- 57 control flow issues plague the kernel
- 36 error handling issues are evident
- 17 incorrect expressions
- 53 incidences of insecure data handling
- 23 issues with integer handling
- 83 null pointer dereferences
Although these statistics are concerning, Coverity stated that the Android kernel is recognized to be of significantly higher quality than many other open source projects which have received the same level of scrutiny.
With 9 out of 10 companies incorporating code from open source projects, how many outdated versions of these software packages are organizations using, it asks. It created this infographic on the cost of bugs in open source code: