<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>I published some date on defect rates discovered by weak static
analysis in ~4m lines of C++ code in the SCSC newsletter several
years ago, but it doesn't meet Martyn's criterion of being peer
reviewed. I was not at liberty to provide the source of the
original data.<br>
</p>
<p>It's very hard to get figures for discovered defects in
closed-source code. One way that defect rate data might be
generated is if proper static analysis were applied to a large
body of open-source software that hasn't had full static analysis
applied before, and the issues identified examined to see whether
they represented actual defects or not (which is what I did in the
study I published, except that the static analysis was weak). Any
ideas on who might fund such a project?<br>
</p>
<p>Cheers<br>
</p>
<pre class="moz-signature" cols="72">David Crocker, Escher Technologies Ltd.
<a class="moz-txt-link-freetext" href="http://www.eschertech.com">http://www.eschertech.com</a>
Tel. +44 (0)20 8144 3265 or +44 (0)7977 211486</pre>
<div class="moz-cite-prefix">On 06/11/2020 18:39, Steve Tockey
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DBCAD795.14E728%25Steve.Tockey@Construx.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div><br>
</div>
<div>Along these same lines, does anyone have any reliable data on
defect re-injection rates? Specifically, I remember hearing that
on average for every 8 defects that are fixed, a new defect is
injected as a result of that fix.</div>
<div><br>
</div>
<div>Does anybody have a pointer to reliable data along these
lines?</div>
<div><br>
</div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>— steve</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt;
text-align:left; color:black; BORDER-BOTTOM: medium none;
BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT:
0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;
BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>systemsafety <<a
href="mailto:systemsafety-bounces@lists.techfak.uni-bielefeld.de"
moz-do-not-send="true">systemsafety-bounces@lists.techfak.uni-bielefeld.de</a>>
on behalf of Martyn Thomas <<a href="mailto:martyn@72f.org"
moz-do-not-send="true">martyn@72f.org</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, October
29, 2020 at 2:05 AM<br>
<span style="font-weight:bold">To: </span>"<a
href="mailto:systemsafety@techfak.uni-bielefeld.de"
moz-do-not-send="true">systemsafety@techfak.uni-bielefeld.de</a>"
<<a href="mailto:systemsafety@techfak.uni-bielefeld.de"
moz-do-not-send="true">systemsafety@techfak.uni-bielefeld.de</a>><br>
<span style="font-weight:bold">Subject: </span>[SystemSafety]
Request for links to papers about software defect densities<br>
</div>
<div><br>
</div>
<div>
<div>
<p>Colleagues</p>
<p>I would be grateful for links or references to
peer-reviewed papers that contain experimental or
empirical evidence about software defect densities. I know
of work over 30 years ago and it would be useful to have
data that is more recent.</p>
<p>Thanks for any help you can give</p>
<p>Martyn</p>
<p><font size="-1">Martyn Thomas CBE FREng<br>
Emeritus Professor of IT and Fellow, Gresham College</font><br>
</p>
</div>
</div>
</span>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
The System Safety Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:systemsafety@TechFak.Uni-Bielefeld.DE">systemsafety@TechFak.Uni-Bielefeld.DE</a>
Manage your subscription: <a class="moz-txt-link-freetext" href="https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety">https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety</a></pre>
</blockquote>
</body>
</html>