Open Source And Proprietary Software Quality Better Than Industry Average: Report



#4 High-risk defects persist:

36 percent of the defects fixed by the 2012 Scan Report were classified as “high-risk,” meaning that they could pose a considerable threat to overall software quality and security if left undetected. Resource leaks, memory corruption and illegal memory access, all of which are considered difficult to detect without automated code analysis, were the most common high-risk defects identified in the report.

“This year’s report had one overarching conclusion that transcended all others: development testing is no longer a nice-to-have, it’s a must-have,” said Jennifer Johnson, Chief Marketing Officer for Coverity. “The increasing number of open source and commercial projects that have embraced static analysis have raised the bar for the entire industry. As we see year-in and year-out, high-risk defects continue to plague organizations; simply put, if you are not doing development testing, you’re at a competitive disadvantage.”

While static analysis has long been cited for its potential to improve code quality, there have been two significant barriers to its adoption by development organizations: high false positive rates and a lack of actionable guidance to help developers easily fix defects. Coverity has eliminated both of these obstacles. The 2012 Scan Report demonstrated a false positive rate for Coverity static analysis of just 9.7 percent in open source projects. Additionally, the 2012 report noted more than 21,000 defects were fixed in open source code—more than the combined total of defects fixed from 2008-2011.

“We started the Coverity Scan project seven years ago with the U.S. Department of Homeland Security, as a resource for the open source development community to improve the quality of their software,” said Andy Chou, co-founder and Chief Technology Officer for Coverity. “Each year, driven in part by advances in static analysis technology, the size and scope of the report increases—as do the number of defects identified and fixed. We’re very proud to see how the Coverity Scan service has evolved to become a key indicator of code quality for both open source and proprietary software, and look forward to continuing this work in the years to come.”
