Free and open source software such as Firefox, LibreOffice, and Linux is enjoying increasingly widespread adoption on business and home computers alike, but every once in a while a naysayer will still pipe up with one vague concern or another, about open source quality in particular.

"You get what you pay for," such detractors often like to say.

It's all just a matter of FUD, of course, and a new report from development testing firm Coverity helps to confirm that.

In its 2011 Coverity Scan Open Source Integrity Report, which was released on Thursday, Coverity actually found that open source code has fewer defects per thousand lines of code than proprietary software code does.

"The line between open source and proprietary software will continue to blur over time as open source is further cemented in the modern software supply chain," noted Zack Samocha, Coverity's project director for the Scan project.

Searching for Defects

Originally launched by Coverity along with the U.S. Department of Homeland Security in 2006, the Scan project is the largest public-private sector research effort focused on open source software integrity, Coverity says.

Included in this year's analysis were more than 37 million lines of open source software code and more than 300 million lines of proprietary software code from a sample of anonymous Coverity users.

To conduct its analysis, Coverity used a testing platform that was upgraded this year with the ability to find more new and existing types of defects in software code, the company says.

Linux 2.6 Stands Out

Among Coverity's findings was that in proprietary codebases, which averaged 7.5 million lines of code in size, the average number of defects per thousand lines of code was .64.

That may sound pretty small, but in open source software the figure was even smaller. Specifically, with an average open source project size of 832,000 lines of code, the average defect density was .45 defects per thousand lines of code.

Where codebases were of similar size, open source code quality was pretty much on par with proprietary code quality, Coverity found. Linux 2.6, for example--a project with nearly 7 million lines of code--had a defect density of .62, which is still slightly better than that of its proprietary codebase counterparts.

Among open source projects, Linux 2.6, PHP 5.3, and PostgreSQL 9.1 can be used as industry benchmarks, the company said, with defect densities of .62, .20, and .21, respectively.

This is not to say that open source software is always the best solution for every purpose. When it comes to choosing new software, however, quality is one of open source's many assets--not a liability.