Hi Rob

> > You are focusing on security and exploits (which is obviously a very
> > important area). But I was thinking more in terms of program stability
> > *during* usage. I assume that Coverity's "project's defect density" would
> > reflect this?
> >
>
> The correlation is not clear. I'd note, for example, that the Swiss
> Supreme Court gave a presentation recently where they said they prefer
> Apache OpenOffice over LibreOffice because of the greater stability of
> AOO.
>

I do too. That is why I'm curious about this.

> If I had to guess, what is probably true is that defect density in
> newly written code is correlated to real-world quality, as seen by
> users. But 10-year old code? Over a long period of time serious
> bugs of this kind -- crash bugs and other instability issues -- tend
> to be identified by users and are either fixed or at least well-known.
> We're unlikely to find new serious instabilities by examining ancient
> code.
>

Fair enough. That is mostly true for repeatable bugs.
My expectation was that this kind of analysis would spot those hard to find
bugs that cause unreproducible crashes...

> > So I would be more interested in running a debug build that could log these
> > occasional crashes (if they are not occasional and I can replicate them, I
> > create a regular Issuezilla bug report).
> >
>
> What OS are you running on?
>

Windows (XP Pro x86 and 7 Pro x64)

Regards,
Pedro
