Jim Berets
Vice President of Product Management
jberets@blackducksoftware.com

Tim Yeaton

Deciding which open source components to use in a development project requires consideration of a variety of factors including suitability for the problem at hand, licensing terms, quality, security, and supportability.

Coverity recently released a report showing that OSS continues to improve in quality. The report, which analyzed more than 280 open source projects, found “the overall integrity, quality, and security of open source software is improving.”

The most highly vetted projects – Samba, tor, OpenPAM and Ruby – graduated to what Coverity calls “Rung 3”; an additional 32 projects graduated to “Rung 2” because they “eliminated multiple classes of potential security vulnerabilities and quality defects from their code.” (Higher rungs indicate the resolution of issues identified at lower rungs, and a higher degree of analysis by Coverity’s tools.)

Reviewing the 36 “Rung 2” projects using data contained in the Black Duck KnowledgeBase yields some additional insights:

- The quality of the Rung 2/3 projects stems at least in part from longevity and breadth of use. They are, on average, more than 8 years old.

- Vitality matters in selecting OSS. The communities behind these projects have collectively delivered more than 1,300 releases, at an average of about 5 releases per year, per project.

Mounting evidence supports the view of open source as a cornerstone of application development and IT infrastructure. The Black Duck KnowledgeBase of over 200,000 open source projects provides our customers with important project vitality information, as well as license and other metadata, to support making good choices when selecting components.
