A couple of months ago, at a tech conference, I got into a conversation on whether there are quality differences between open source and proprietary software. This has long been grounds for debate, with one side claiming that open source is better while the other side maintains that, with open source, you get what you pay for.
My “debate partner” – that’s in quotes because we really weren’t taking sides, just having an open (source) conversation – referred me to a study that Coverity does each year:
For those not familiar with the Coverity Scan™ service, it began as the largest public-private sector research project in the world focused on open source software quality and security. Initiated in 2006 with the U.S. Department of Homeland Security, Coverity now manages the project, providing our development testing technology as a free service to the open source community to help them build quality and security into their software development process. The Scan service enables open source developers to scan, or test, their code as it is written, flag critical quality and security defects that are difficult (if not impossible) to identify with other methods and manual reviews, and provide developers with actionable information to help them quickly and efficiently fix the identified defects. (Source: Coverity Scan: 2012 Open Source Report, which can be downloaded here once you register.)
The study now goes beyond open source code: it also scans proprietary code bases from Coverity's commercial customers, so the two can be compared side by side. Here are their results:
As you can see, or not see (that snapshot is pretty blurry, sorry about that), there is very little difference between open source and proprietary code: a defect density of .69 for open source and .68 for proprietary. (Defect density is the number of defects per 1,000 lines of code. According to Coverity, a defect density of 1.0 is "considered good quality software", and the code bases they analyzed are below that on both sides.) One caveat worth keeping in mind: these are defects that Coverity's static analysis flags, so the numbers measure the classes of bugs a static analyzer can find, not every bug or vulnerability in the code.
I actually wasn't surprised by this. At Critical Link, we're part of the open source community, and I know that when we submit code, it goes through a thorough vetting process. (Which is not to say that there isn't some sloppy code floating around out there.)
So if open source is such a good deal (it's free, after all, and a lot of it is of high enough quality to be used in commercial development), why would anyone actually pay for it?
One of the most important reasons to purchase open source software is support. While there is community-based support for open source code, it isn't necessarily going to be there when you need it. It's also the case that you may not be able to get updates that would be useful to you, including bug and security fixes, since the coders may have wandered off to new projects that have caught their attention. These things matter when your work is time critical. They also matter if you're less experienced with the open source code base you've adopted and can't easily figure things out, make bug fixes, and create enhancements yourself.
Another advantage of going with a proprietary software solution is that the vendor you work with may also provide development help, from design through coding. This is the case with our partner, Timesys, which offers LinuxLink, an embedded software development framework, together with professional services to back it up.
So, yes, open source code can be good, but there are plenty of situations in which you’re better off going the proprietary route.