Coverity Scan Open Source Report Shows Commercial Code Is More Compliant to Security Standards than Open Source Code
[ Back ]   [ More News ]   [ Home ]
Coverity Scan Open Source Report Shows Commercial Code Is More Compliant to Security Standards than Open Source Code

MOUNTAIN VIEW, Calif., July 29, 2015 — (PRNewswire) —  Synopsys, Inc. (Nasdaq: SNPS) today announced the release of its annual Coverity Scan® Open Source Report. The 2014 report details the analysis of nearly 10 billion lines of source code through the Coverity Scan service and commercial usage of the Synopsys Coverity® Software Testing Platform, the largest sample size that the report has studied to date. For the report, the company analyzed code from more than 2,500 open source C/C++ projects as well as an anonymous sample of commercial projects in 2014. Additionally, the report highlights results from several popular, open source Java and C# projects that have joined the Coverity Scan service since March 2013.

The Coverity Scan Open Source Report has become a widely accepted standard for measuring the state of open source code quality. Since its inception nine years ago, the Coverity Scan service has analyzed billions of lines of code, and as of today has reviewed more than 5,100 open source projects – including C/C++ projects such as Linux, FreeBSD, LibreOffice, Python, PostgreSQL, Firefox and NetBSD, and Java projects such as Apache Hadoop, HBase, Tomcat, Cloudstack and Cassandra. The Coverity Scan service has helped developers find and fix more than 240,000 defects since 2006. As detailed in the new Coverity Scan Open Source Report, nearly 152,000 defects were fixed in 2014 alone – more than the total amount of defects that had been found in the previous history of the service.

Based on static analysis defect density, open source code outpaced commercial code for quality in the 2013 report. This trend continues in 2014; however, this year the report also compared security compliance standards such as OWASP (Open Web Application Security Project) Top 10 and CWE (Common Weakness Enumeration) 25, and found that commercial code is more compliant with these standards than open source code.

Key findings from the latest report include:

"As a whole, software quality and security are improving, but neither open source nor commercial standards are complete or conclusive enough to catch everything," said Zack Samocha, director of marketing for the Software Integrity Group at Synopsys. "As software projects are being pushed to market faster than ever before, developers need to balance security with speed. As more of these projects use solutions like Coverity Scan, we expect to see continued improvement in open source and commercial code security throughout 2015."

Online Resources

About Coverity Scan

In 2006, the  Coverity Scan service was initiated with the U.S. Department of Homeland Security as a public-private sector research project, focused on open source software quality and security. With the acquisition of Coverity by Synopsys in 2014, Synopsys now manages the project and provides its development testing technology as a free service to the open source community to help them build quality and security into their software development process. To receive the latest updates, register your open source project for the Coverity Scan service and follow us on  Twitter.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP, and is also a leader in software quality and security testing with its Coverity® solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest quality and security, Synopsys has the solutions needed to deliver innovative, high-quality, secure products.

Editorial Contact:
Yvette Huygen
Synopsys, Inc.
Email Contact

Investor Contact:
Lisa Ewbank
Synopsys, Inc.


To view the original version on PR Newswire, visit:

SOURCE Synopsys, Inc.

Synopsys, Inc.