

Frightening bugcounts in commercial software - schtog
http://lwn.net/Articles/115530/
"Commercial software typically has 20 to 30 bugs for every thousand lines of
code, according to Carnegie Mellon University's CyLab Sustainable Computing
Consortium. This is equivalent to 114,000 to 171,000 bugs in 5.7 million
lines of code."

What!? That seems like a ridiculously high number. Can it really be true?
Would be interesting to see bugcounts for respective languages and years rather than having it all lumped together.

About Linux:
"Our findings show that Linux
contains 0.17 bugs per thousand lines of code, which is an extremely low
defect rate and is evidence of the strong security of Linux. Many security
holes in software are the result of software bugs that can be eliminated with
good programming processes."

And Linux is written in C right? So the massive bugcounts in commercial software can't all be blamed on malloc and free...
======
noodle
it's not that surprising. typically, there's less than 5 sets of eyes that go
over any given chunk of code in commercial software. there's probably hundreds
that have gone over every inch of the linux kernel.

~~~
corentin
Actually, a single pair of eyes can be enough, depending on who they belong
to... This brute force approach to bug fixing can be applied to Linux because
it's so prevalent, but it's the exception rather than the rule in the open
source world.

~~~
noodle
while that's true, it isn't going to be the case for every company. that's why
there are things like XP and code reviews and such.

------
schtog
My point was more, how the hell could there be that many bugs?

