The US Department of Homeland Security (you know, the TSA guys who ask you to take your shoes off, prohibit you from carrying a replacement battery for your laptop, and like to search through your dirty laundry) also does useful stuff such as evaluating America’s vulnerabilities in various domains (security and terrorism, trade, travel, IT, etc.), in coordination with other federal and local agencies or private companies. As part of this process, it commissioned a million-dollar study on vulnerabilities of open source software, which was performed by Stanford University (my neighbor!), by application audit specialist Coverity, and by vendor Symantec.
This project was initiated in 2006 and called Vulnerability Discovery and Remediation, Open Source Hardening Project. It has recently published its conclusions. Initially aiming to check and correct the code of about fifty open source offerings, it was then extended to 150 projects in 2007 and 250 in 2008. The projects reviewed include the Apache Web server, Linux, Firefox, Samba, PHP, Python, Ruby, etc.
One of the main conclusions of Coverity’s white paper highlights the improvement of the global quality and security of open source software: in two years, defects and other bugs were reduced by 16%, or approximately 8,000 bugs fixed during that time period. The bug density went down from 0.30 to 0.25 bugs per 1,000 lines of code. The increase in the number of users and the size of development communities partially explains this decrease, with vendors benefiting from more testing.
For information, since we launched the first version of Talend Open Studio, we have fixed 1463 bugs and implemented 864 feature requests, thanks to a permanent dialog with our users via our forum and bugtracker. This dialog and proximity with users the world over are the foundation of our strategy and provide unmatched user satisfaction. And beyond the cost aspects, this part of our model is what differentiates us from traditional solutions. Users follow suit, since the “enterprise grade” of open source solutions is the second most important factor justifying the purchasing decisions in enterprises, the first one being the lower TCO.
This kind of study is a further encouragement for open source vendors like Talend. If only the DHS/TSA could fix its bugs at the same rate.
Bertrand











