Code/Software quality

Code quality and quality of software development/applications has always been a hot topic. The problem in the commercial world is that because code is closed source, you as a customer of a commercial software vendor, have no idea what the quality is of that application because you have no access to the code. Code could be of the highest quality or the poorest, suffering from bugs and security issues unknown to you.

On the other side of the coin, Microsoft and others would have you believe that FOSS software ( because of it’s openness ) is vulnerable to back doors and like – but I’m sure you’ve seen through that argument immediately. If there was a problem in the code, the very fact that it is open allows many to check it for issues like those MS have indicated.

Coverity is a commercial software developer who happens to create tools to check the quality of software code – and have developed a strong relationship with the FOSS community, having done code checks on a number of FOSS projects including the Linux kernel. The reports have been very favorable towards the quality of FOSS software, which in contrast to commercial software, has some of the lowest bug counts of any applications available. In addition, FOSS software appears to have bugs/security issues fixed at a much high rate, and sooner, than commercial software. The FOSS community development model has proven itself over and over, and is likely to be the dominant model going forward for the foreseeable future.

But where is this all going? Well I’m setting the scene for some startling information to come out of a court case in the US – State vs Chun. Draeger make a product called the DRAEGER ALCOTEST 7110 MKIII-C – an alcohol breath tester used in the States. As part of the court case, the judge allowed the state’s request to have the code from the breathalyser tested by an independent code tester, Base One Tech ( similar to Coverity ). What Base One found was pretty interesting:

Despite Draeger’s protestations that the code was proprietary, Base One found that the code consists mostly of general algorithms arranged in a manner to implement the breath testing sequence. “That is, the code is not really unique or proprietary.” Draeger reviewed the code, as well, through its software house, SysTest Labs, which agreed with Base One, that the patchwork code that makes up the 7110 is not written well, nor is it written to any defined coding standard. Base One, however, did an extensive evaluation, finding 19,400 potential errors in the code!

The final outcome was that the unit should be suspended from use until such time as it could be coded against an acceptable set of software development standards.

“An incorrect breath test could lead to accidents and possible loss of life, because the device might not detect a person who is under the influence, and that person would be allowed to drive. The possibility also exists that a person not under the influence could be wrongly accused and/or convicted.”

Scary that we are at the mercy of commercial vendors like Draeger, the results of which can lead to loss of life and incorrect incarceration. Moral? Commercial vendors should open their code and stand up to public security. That is the only way we can be certain their code has our best interest in mind.