Sibling Rivalry: Code Quality & Open Source

by Jonathan Bloom

Why does “Free” always seem to have a catch to it?

We know there’s “no such thing as a free lunch,” that “freedom isn’t free” and that if you get something for free, you probably got what you paid for. Even in the tech industry, when we talk about open source software, we immediately think “free”, yet instantly jump to the old caveat of “think free speech, not free beer,” the idea there being that open source is the layer-by-layer developed product of well-intentioned developers seeking to produce high quality software that competes with established applications.

Lately, though, there are some in the industry who are questioning whether or not open source software has lost sight of its mission to produce applications that meet high software quality standards. As Willie Faler recently posted over at DZone:

It seems by the time an open source project has reached some level of mass adoption or awareness, most of the time the project's codebase will have degraded into such a poor state as to where it is completely stagnant, or even worse, unmaintainable.

Could open source contributors be taking advantage of their “free speech” or are they writing code after too much “free beer?”

Butting Heads

While Faler admits he has no definitive answer to his dilemma, he offers a list of possible reasons why, in his estimation, open source has taken a nosedive quality-wise recently. He submits the following theories for this downward spiral:

  • Lack of discipline from core developers in enforcing good practices.
  • Demands for backward compatibility locking frameworks into poor, inflexible APIs, unable to refactor away poor past decisions.
  • Tendency among core developers to let in poor code contributions to appease community members.
  • Over-eagerness to constantly add (sometimes unneeded) features and chase higher version numbers, rather than “sharpen the saw” and improve the core codebase and feature-set.
  • Just naturally occurring entropy over time and no one dealing with it?

While we would like to believe these things do not happen, we would be fools to ignore them. Complacency, appeasement and entropy are all plagues from which businesses suffer, so why not open source, too?

Why? Because it can’t afford to.

Embracing the Relationship

In some fashion, open source really needs to return to its roots where a community of software developers added to and improved upon what already existed. But just as we know “nothing is free,” we also know “you can’t go back.” Unfortunately, that leaves us in a precarious position of trying to identify the issues with open source software.

Sadly, this brings up the old “needle in a haystack” analogy because the average open source application contains roughly 450,000 lines of code (slightly more than your out-of-the-box apps). Trying to find the 100 or so offending lines of code by hand would not only be grossly inefficient, but if you subscribe to Faler’s theories of complacency, appeasement and entropy, it’s unlikely anybody would take the time to bother finding them.

So finding the offending code in that many lines would require some form of automated analysis and measurement platform, but there again lies a problem. Most platforms of this sort are available only to large corporations with generous IT budgets, so their use runs contrary to the idea of “free” no matter how you define it for open source – be it free as in low-cost or free as in free from the encumbrances of “the establishment.”

But this doesn’t mean there is no way to perform a thorough structural analysis of open source software. We are beginning to see structural analysis being made available as a SaaS offering via the cloud. Such a web-based, low-cost (with TCO running at around pennies per line of code) solution would surely agree with open source sensibilities while providing the visibility needed to identify and correct structural issues with the software.

Employing QaaS – “Quality as a Service” – could help re-unite open source with its software quality brother.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.