Description
This report presents historical trend data collected by Scan researchers over the past two years. Findings are based on recurring analysis of over 55 million lines of code from more than 250 open source projects, representing 14,238 individual project analysis runs for a total of nearly 10 billion lines of code analyzed. In summary, this report contains the following findings:
- The overall quality and security of open source software is improving – Researchers at the Scan site observed a 16% reduction in static analysis defect density over the past two years
- Prevalence of individual defect types – There is a clear distinction between common and uncommon defect types across open source projects
- Code base size and static analysis defect count – Research found a strong, linear relationship between these two variables
- Function length and static analysis defect density – Research indicates static analysis defect density and function length are statistically uncorrelated
- Cyclomatic complexity and Halstead effort – Research indicates these two measures of code complexity are significantly correlated to codebase size
- False positive results – To date, the rate of false positives identified in the Scan databases averages below 14%
OPEN SOURCE REPORT 2008