Coverity Scan Report Shows Big Data Projects Reducing Defects to Take on Internet of Things
Apache Hadoop, HBase, Cassandra Among Leading Projects Making Steady Progress

MOUNTAIN VIEW, Calif., Dec. 10, 2014 /PRNewswire/ -- Synopsys, Inc. (Nasdaq:SNPS), today announced its latest Coverity Scan® Project Spotlight report, which analyzed the defects in big data projects detected by the Coverity Scan open source software scanning service. In a sample of 16 big data projects that included Apache™ Hadoop®, HBase™ and Cassandra™, the data showed that the average defect density rate for the projects decreased since the release of the 2013 Coverity Scan Report. Synopsys' Coverity business group attributed the defect density rate drop to the critical role big data open source projects play in the Internet of Things (IoT).

An increasing number of organizations are leveraging big data to realize efficiencies in their business processes and are using analytics to track customer behavior and campaign efficiency. With the volume of data being handled by organizations growing exponentially, big data technology is critical for analysis of data that is too diverse, fast-changing, or voluminous to address with conventional technology. Also, software quality for projects that handle big data is becoming more important for enterprises to consider.

The IoT is having a significant effect on big data. IoT will deliver $6.2 trillion of revenue by 2025 and an explosion of data is expected to be generated in the process, according to the McKinsey Global Institute. To leverage this data, organizations must be able to efficiently harvest, store and analyze it. Many of the leading open source projects and technologies that enable the big data movement and support the IoT are using the Coverity Scan service, indicating a drive to improve software quality and security.

"Enterprise Hadoop must meet the requirements established by corporate security officers around the core tenants of authentication, authorization, auditing and data protection," said Tim Hall, vice president of product management at Hortonworks®. "The Hortonworks Data Platform is built on 100 percent open source Apache Hadoop and we support the Coverity Scan open source software scanning service to help focus the community efforts and ensure the numerous Apache Hadoop projects are meeting those enterprise requirements." 

In the 2013 Coverity Scan Report, the average defect density rate for Java projects was 2.72. Ten out of the 16 big data projects in the Coverity Scan Project Spotlight report sample have a lower defect density rate than that average, but many still remain higher than those in C, C++ code bases. Additionally, analysis of the results of the big data projects found that contributors are fixing more critical issues, like resource leaks, null pointer dereferences and concurrent data access violations. However, the Coverity Scan Project report shows that project contributors do have some "Open Web Application Security Project (OWASP) Top 10" issues and need to better examine security to assure sensitive data from IoT devices is secured.

Apache Hadoop
Apache Hadoop has made steady progress in eliminating key defects since Coverity Scan profiled the project in the Coverity Scan 2013 Report. In that report, Hadoop had a defect density rate of 1.71. Since that time, they have reduced it to 1.67.

Apache HBase
Since the 2013 Scan report, almost 200,000 lines of code have been added to the HBase project, and the defect density rate has been lowered from 2.33 to 2.22.

Apache Cassandra
Apache Cassandra has also made progress in eliminating key defects since being profiled in the 2013 Scan report. Previously, Cassandra had a defect density rate of 1.95. Since that time, they have lowered the rate to 1.61.

"Early efforts of the big data projects tracked by Coverity Scan are showing interesting and actionable results," said Zack Samocha, director of marketing for Synopsys' Coverity business group. "IoT and big data have the power to transform lives and our economy. There's a great deal riding on these foundational technologies, and these organizations are taking that responsibility seriously. It's encouraging to see their commitment to addressing critical defects and to taking the appropriate steps to deliver higher quality software to the market."

During the past eight years, the Coverity Scan service has analyzed several hundreds of millions of lines of code from more than 3,000 open source projects – including C/C++ projects such as NetBSD, FreeBSD, LibreOffice and Linux, and Java projects such as Apache Hadoop, HBase and Cassandra. Coverity Scan has helped developers find and fix more than 94,000 defects since 2006. Nearly 50,000 defects were fixed in 2013 alone – the largest number of defects fixed in a single year by Coverity Scan users. More than 11,000 of these defects were fixed by the four largest projects in the service: NetBSD, FreeBSD, LibreOffice and Linux.

Online Resources:

About Coverity Scan
In 2006, the Coverity Scan service was initiated with the U.S. Department of Homeland Security as a public-private sector research project, focused on open source software quality and security. The Coverity business group at Synopsys now manages the project, providing its development testing technology as a free service to the open source community to help them build quality and security into their software development process. Register your open source project for the Coverity Scan service, and follow us on Twitter to get the latest updates.

About Synopsys
Synopsys, Inc. (Nasdaq:SNPS) accelerates innovation in the global electronics market. As a leader in electronic design automation (EDA) and semiconductor IP, Synopsys delivers software, IP and services to help engineers address their design, verification, system and manufacturing challenges. Since 1986, engineers around the world have been using Synopsys technology to design and create billions of chips and systems. Learn more at

SOURCE Coverity

For further information: Laura Baller, Coverity, +1.415.694.5305,, Michelle Kincaid, LEWIS PR for Coverity, +1.415.432.2467,