Slashdot Mirror


Ask About Proprietary vs. Open Source Code Quality

Scott Trappe is CEO of Reasoning, a company that has gained a certain amount of noteriety (and a Slashdot mention) by running its Ilumna automated inspection service on several versions of TCP/IP -- and concluding that the Linux version has fewer bugs than most proprietary ones. Why is this? Let's ask Scott, and also ask him any other question you can think of about software quality and how to achieve it since, after all, that's his business. We'll send him 10 of the highest-moderated questions and post his answers when we get them back.

10 of 196 comments (clear)

  1. sample size and conclusions by tim_maroney · · Score: 5, Insightful

    How can any conclusions about the relative virtues of two development methodologies with a universe in the millions of components be drawn from a single sample, and one as small and atypical as a TCP/IP stack?

  2. Issues behind test cases for proprietary v.s. open by Tekmage · · Score: 4, Insightful

    One of the bigger challenges facing open source projects as compared to their proprietary equivalents is how to manage confidentiality of test cases. With companies such as Red Hat and Ximian involved, it's certainly less of an issue for their core products and projects they over-see, but there will always be cases where there is friction when the best/only person who can fix a particular problem is on the outside, unable to work with the test cases in question.

    What are your thoughts on this trade-off between test case management and confidentiality as it relates to proprietary v.s. open source code development?

    --
    --The more you know, the less you know.
  3. Internally inconsistent argument by spakka · · Score: 3, Insightful

    Since you are a small team rather than the entire open source community, don't your own conclusions imply that you are likely to be detecting only a small fraction of the defects, invalidating the study?

  4. Re:Open. Source. Fucking. Sucks. by jedidiah · · Score: 3, Insightful

    Silly peon.

    "open source" works because your owner needs something done and may realize that it makes more sense to spend labor on the problem rather than money. There also may be no compelling reason to maintain ownership over the results.

    Software is a tool, not fools gold.

    Software is valuable for what it can do for people who don't have any interest in selling it.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  5. Re:What exactly is being compared. by sjames · · Score: 3, Insightful

    Hence, TCP/IP is rock solid in linux, yet development on the desktop crawls along in 100 different directions at once, gaining little ground.

    Actually, the Linux desktop has gained a lot of ground, as have the distro installers. If anything, public perception lags far behind the reality. That's not too surprising given that the OS community isn't pumping millions of dollars into marketing.

  6. So if open source is so good... by anthony_dipierro · · Score: 4, Insightful

    Where can I get the source code to these automated inspection tools?

  7. The terms open/proprietary don't help you tell ... by mikefocke · · Score: 3, Insightful

    It is possible to have a proprietary model and to have code reviews required (and documented) done by competent system architects and security experts. It is also possible for proprietary developers to do no reviews and to lack the skill and experience and coding standards and automation to produce reliable code.

    It is possible to have an open source model and have the code reviewed by no one but the original coder. Or to have 15 reviewers of varying competence looking at ever line and debating it vigorously.

    It is possible in the same OS to have source files or code fragments from various sources with various development and review methodologies. Some can be as extreme as using/requiring automated tools to find potential errors and requiring skilled reviewers. Some as lax as no review by anybody or anything.

    Given this diversity, how can the terms open and proprietary be used to usefully describe software quality? Doesn't it depend not on the open/closed but on the amount of skill of the coder, automation of the review and experience of the reviewers. And isn't that independent of open/proprietary?

  8. Do you study the process of the Development team? by Lodragandraoidh · · Score: 3, Insightful

    Do you study the makeup and practices of the development team as part of your analysis? Would you find it useful to know if a team favored one lifecycle methodology over another - and are there any correlations you have seen along these lines?

    --

    Lodragan Draoidh
    The more you explain it, the more I don't understand it. - Mark Twain
  9. Does bug count==quality? by swordgeek · · Score: 3, Insightful

    Bug-free software is obviously an ideal goal, but it's not the only thing that measures code quality, in my mind.

    Do you forsee any metrics in the (near) future to measure other aspects of code quality? Performance is obviously important, but what about things like code style, modularity, and 'cleanliness?'

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
  10. Stupidity and Lies (Broken Metric) by oldCoder · · Score: 4, Insightful
    The companys bug scan software looked at TCP/IP stacks from different OSes. Presumably they implemented the same functionality. The statistics given are not for the stacks as a whole, but are given in "Defects per 1000 lines of code".

    Think about that.

    If Stack A is 3 times as large (bloated code) but has only 2 times the bugs as stack B, then stack A (worse in all respects) gets a better grade!!!

    You can halve your defect count by doubling the number of lines of code in your module. What a rip! How could so many people read and write about this and not see the problem.

    --

    I18N == Intergalacticization