Frightening bugcounts in commercial software (lwn.net)

1 points by schtog ↗ HN
http://lwn.net/Articles/115530/

"Commercial software typically has 20 to 30 bugs for every thousand lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This is equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code. "

What!? That seems like a ridiculously high number. Can it really be true? Would be interesting to see bugcounts for respective languages and years rather than having it all lumped together.

About Linux "Our findings show that Linux contains 0.17 bugs per thousand lines of code, which is an extremely low defect rate and is evidence of the strong security of Linux. Many security holes in software are the result of software bugs that can be eliminated with good programming processes."

And Linux is written in C right? So the massive bugcounts in commercial software can't all be blamed on malloc and free...

4 comments

[ 7522 ms ] story [ 122 ms ] thread
its not that surprising. typically, there's less than 5 sets of eyes that go over any given chunk of code in commercial software. there's probably hundreds that have gone over every inch of the linux kernel.
Actually, a single pair of eyes can be enough, depending on who they belong to... This brute force approach to bug fixing can be applied to Linux because it's so prevalent, but it's the exception rather than the rule in the open source world.
while thats true, it isn't going to be the case for every company. thats why there are things like XP and code reviews and such.
My point was more, how the hell could there be that many bugs?