A four-year comprehensive review of the source code of the Linux kernel by Coverity Inc. has been completed this year. The review found that Linux kernel 2.6, out of 5.7 million lines of code, has 985 "flaws". Among these flaws, more than half were bugs that caused the kernel to crash under specific operational circumstances. 25 flaws were buffer overruns, which could be exploited as security vulnerabilities, and 33 were bugs that degraded performance.
I find the number of kernel crash bugs particularly humorous. The fact that there are probably around five hundred of the things, and yet it is such a rock-solid stable OS while Windows dumps regularly, indicates that the number of similar flaws in Windows source must be astronomical. It has to be in the tens of thousands at least, I would think.
In any case, 985 sounds like a lot, but that's only 0.17 flaws per thousand lines of code. Meanwhile, the average rate of bugs in the source code for commercial software packages is more like 10 or 20 per thousand lines of code. We're talking about roughly a hundred times as many flaws per thousand lines as what has been found in the Linux kernel. I'm amused.
In other news, there's been a response to Steve Ballmer's speech in Asia wherein he stated that Linux infringed on "over 228" patents. He made two big mistakes there. One is in using "over 228" when the actual number was 283. The other is the fact that the study that came up with this number didn't say Linux infringed on that many patents — only that it could potentially be found to infringe on that many patents if every single company that holds a patent that might conflict with Linux OS functionality were to suddenly start suing, and if they were all to miraculously win. The chances of that sort of win rate are pretty slim.
Of course, OSRM (the organization that sponsored the study) also said that this was an unremarkable number, and that other Unices and Windows almost certainly suffered at least that many potential patent infringements. Furthermore, while many commercial software packages have been targeted with patent infringement suits, no piece of open source software has ever been dragged into court for patent infringement. None. The moral of the story: Don't believe the FUD.
I found an interesting editorial piece about software patents. I tend to agree with its author's analysis.