[SystemSafety] Request for links to papers about software defect densities

Derek M Jones derek at knosof.co.uk
Mon Nov 9 10:25:23 CET 2020


Peter,

> Coverity have done a lot of static analysis studies on open source software
> (sponsored by DHS)

The Coverity license agreement used to prohibit anybody publishing the
results of their source code scans, even the DHS sponsored scans required
agreeing to these terms:
https://shape-of-code.coding-guidelines.com/2012/07/20/why-does-coverity-restrict-who-can-see-its-tool-output/

> I don't know if there are any peer reviewed papers,

A peer reviewed paper has nothing to do with the validity of the data.
There are plenty of peer reviewed papers doing dodgy analysis of dodgy data,
and there are some non-peer reviewed papers doing interesting analysis of
interesting data.

Requiring that papers be peer reviewed is just a way of saying that
somebody does not have the expertise needed to sort the wheat from
the chaff (which exists in bulk in peer reviewed papers and
others).

> but I obtained the attached info from Coverity (some time back now).
> 
> Of course these are only implementation bugs, (did you build the system
> right?)
> Excludes higher design and requirements flaws (did you build the right
> system?)
> 
> Regards
> 
> Peter
> 
> On 29/10/2020 10:05, Martyn Thomas wrote:
>>
>> Colleagues
>>
>> I would be grateful for links or references to peer-reviewed papers
>> that contain experimental or empirical evidence about software defect
>> densities. I know of work over 30 years ago and it would be useful to
>> have data that is more recent.
>>
>> Thanks for any help you can give
>>
>> Martyn
>>
>> Martyn Thomas CBE FREng
>> Emeritus Professor of IT and Fellow, Gresham College
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety
> 
> 

-- 
Derek M. Jones           Evidence-based software engineering
tel: +44 (0)1252 520667  blog:shape-of-code.coding-guidelines.com

