A new study released today by code-analysis tools maker Coverity Inc. finds that overall quality and security of the Linux kernel has improved substantially in the last six months. Specifically, six potentially critical defects in the core file system and networking code have been fixed, the company said.

In December 2004, Coverity analyzed Linux kernel 2.6.9, and identifed the defects. In its just-completed analysis of the more recent Linux kernel 2.6.12, Coverity found that all critical problems have been removed. Although new defects were introduced into the kernel, all of the known potentially serious defects were fixed, according to Coverity.

Coverity says it analyzed approximately six million lines of software in the study. Defect density decreased slightly, by 2.2 percent — from 0.17 defects thousand lines of code in December 2004, to 0.16 defects in July 2005.

Back in December, just prior to the start of this latest study, Coverity reported that Linux overall has fewer bugs than typical commercial software. The company said the 2.6.9 Linux kernel has one bug for every 5,787 lines of code, compared to the commercial software norm of one bug per 40 lines.

Commercial software typically has 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium, as cited by Coverity. The 2.6.9 Linux kernel had 5.7 million lines of code, but only 985 bugs, Coverity said, including 627 bugs in critical parts of the kernel, 568 crash-causing bugs, 25 buffer overruns, 33 resource leaks, and 100 security bugs.

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.