Linux Has Fewer Bugs Than Rivals

sushant_bhatia_progr writes "Wired has an article stating that according to a four-year analysis of the 5.7 million lines of Linux source code conducted by five Stanford University computer science researchers, the Linux kernel programming code is better and more secure than the programming code of most proprietary software. The report, set to be released on Tuesday, states that the 2.6 Linux production kernel, shipped with software from Red Hat, Novell and other major Linux software vendors, contains 985 bugs in 5.7 million lines of code, well below the industry average for commercial enterprise software. Windows XP, by comparison, contains about 40 million lines of code, with new bugs found on a frequent basis. Commercial software typically has 20 to 30 bugs for every 1,000 lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This would be equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code."

Mistake

[StevenHenderson]

Windows XP, by comparison, contains about 40 million lines of code

I think they mean "40 million lines of bugs" :)

Congratulations...

[kjones692]

...but while they were going through all those 5.7 million lines of code, would it really have killed them to debug them while they were at it??

Conflict of interest...

[BJZQ8]

The problem is that there is very often little vested interest in fixing bugs in closed software...if it can be covered up, then so be it. In open software, there's always a reason, even if it is just to keep people from pointing at your code and laughing.

Re:Conflict of interest...

[akadruid]

If it can be covered up then it's not a very serious bug. Why spend money fixing bugs that aren't a big deal?

See Also: Diebold [wikipedia.org]

Re:Mistake

[Kjella]

This just in! "Hello world" has 0 bugs per three lines of code! Most stable and secure software ever devised!

Actually, hello world has the highest ratio of bugs/program complexity I've seen. Depends on who is doing the implementation, I guess.

Kjella

Re:20-30 bugs per 1000 lines???

[Bachus9000]

A rate of 20-30 bugs per 1000 lines would render most programs unusable.

Sounds like Windows to me! :-)

It's a joke, laugh. :)

So in all this code auditing...

[eno2001]

...have they found any SCO bugs? ;P I kid, I kid! Because I love!

No it doesn't

[Noksagt]

// This code has fewer bugs per line of code than the Linux Kernel!

#include expects "FILENAME" or . In this case, perhaps stdio.h. Which means you have a very high bugs/LoC rate.

Update

[Tom]

Update: 18 hours after posting the study, the Linux kernel team had eliminated all the bugs documented in the study, forcing the researchers to correct the bug count down to 0 per 10,000 lines.

Re:What about the ones they missed?

[AccUser]

Not to be a downer but, how do we know they didn't miss anything?

Like the man said...

There are bugs we know we know.
There are bugs we know we don't know.
There are bugs we don't know we know.
There are bugs we don't know we don't know.

82, 82, 82

[imploded_monkey]

Charlie: 82 what? Raymond: Bugs in the Linux kernel. Charlie: There's a lot more than 82 bugs, Ray. Raymond: 985 total. Oh wait. I forgot, they didn't have rain man count the bugs. They had 5 grad students running some lame source code analysis software. It's definitely 985 bugs then...definitely...

OK

[hackstraw]

Linux software ... contains 985 bugs in 5.7 million lines of code

I hope they submitted a patch :)

Sorry I need a more easy to understand metric

[Anonymous Coward]

How many library of congresses could these bugs fill?

Breaking News!!!

[Class Act Dynamo]

This just in: Microsoft has purchased Stanford University. These rogue researchers have been fired and put in jail on nebulous theft charges. Stanford University announces that Windows is better than Linux according to its research.

IEFBR14

[iBod]

When I walked with dinosaurs (ok, IBM mainframes) as a sysprog, there was a utility program named IEFBR14.

The purpose of IEFBR14 was to do exactly nothing, and pass a zero return code to the caller after doing the 'nothing' (branching on the return address in register 14 - thus BR 14).

This was actually more useful than it sounds and was used frequently in MVS JCL (Job Control Language) to make JCL do its thing without having to run a real program in a JCL 'step'.

Thing is, this program that had to do precisely nothing, had no less than 3 patches issued from IBM. Mostly to do with not clearing R15 (the return code register) correctly.

Go figure!

Re:Mistake

[Shachaf]

Using HQ9+ [biffle.org], I can do it with one character!

Re:How can one be sure

[maxwell demon]

The kernel of Windows XP [...] which is composed of the Hal [...]

This may explain the Windows crashes. "Sorry Dave, I cannot let you do that."

Re:IEFBR14

[iBod]

Yes, as you say, It allowed the JCL to work its dubious magic with file allocations etc.

Did you ever figure out condition code interpretation in JCL? It always seemed backwards to me COND(0,4) LE and all that???

Re:Mistake

[MyLongNickName]

Excessive information hiding exacerbates any bugs in inherent in the system attempting to do the hiding.

Excessive verbage inclusion exacerbates recipient misunderstanding of the intended message.

Re:Mistake

[Dread_ed]

Dammit dbacher, stop making sense and being all rational and stuff!

We're trying to bash the dogshit out of MS products here and you are messing it up!

Go to your cubicle!