Here’s yet another article about that U.S. government-funded bug scan that Coverity is performing for various prominent open source projects: “Developers fast to fix open-source bugs.” From the graph accompanying the article, it looks like the exercise has been an unqualified success. However, I’m privy to the results of some of those scans. I can tell you that the scanning tools are highly paranoid and report large numbers of “bugs” that are non-issues. It’s curious to note that this has dual positive effects:
- Coverity’s tools look good due to the sheer volume of “bugs” they detect
- Open source developers look awesome in light of their ability to fix hundreds of bugs in a week