Black Duck Software Busts Myths About Application Development

KnowledgeBase of Open Source code mined from nearly 4,000 websites sheds light on OS projects and community

WALTHAM, Mass., December 9, 2008—Beyond user surveys, there is little actual data on the dynamic open source software industry. As a result, some inaccuracies have prevailed, including the belief that open source developers have created only a few billion lines of code. Today, Black Duck Software released research based on the Black Duck KnowledgeBase that dispels this and other common “myths”—five in all—about open source in application development. These findings were derived from actual analysis of open source software rather than just user perception.

Black Duck Software actively spiders the Internet collecting downloadable code into a giant repository which is known to Black Duck customers as the KnowledgeBase. This core information repository contains more than 170,000 open source projects from nearly 4,000 unique web sites. It is the largest collection of open source software in the industry. Black Duck mines this valuable resource for information about the development of the open source industry.

Black Duck’s recent findings dispel the following misconceptions about open source software (OSS) in application development:

• Myth: Open Source is just source code
  Source code is actually only 15% of what is released by open source developers. There are four times as many binary files as source files in open source releases. In addition to binaries, open source projects are packaged with scripts, markup language files, graphics images, documentation and many other artifacts. See Figure 1 below.

• Myth: Open Source adoption is mostly application infrastructure
  There is a tendency to focus on adoption of monolithic applications in IT infrastructure, for example, Linux or MySQL. The Black Duck KnowledgeBase shows that the open source world is dominated by components, not fully formed applications, and these are being reused from project to project in hundreds and even thousands of instances. One example, Apache Log4j is reused by over 5500 projects. Java developers, in particular, have taken tremendous advantage of code reuse. There are 14 times more files distributed ending in the .class file suffix (binaries) than .java (source files). A major reason is that Java components are built once and reused and redistributed by many other projects in binary form.

• Myth: There are a few billion lines of code out there
  This figure is an order of magnitude too low. There are tens of billions of lines of open source code available on the Internet. In addition, twenty-three percent of all downloadable code was released or renewed in 2008. Over 90% of open source code is written in the major languages: C, C++, Java, Javascript and C#, however, dozens of languages are used. Figure 2 below breaks down open source by line count.

• Myth: Real programmers do NOT comment
  Open source developers create about one comment line for every four lines of source code. The most commented programming language is Java with more than one comment line for every two lines of code. The least commented language is Boo; a python-inspired programming language that operates within the .net framework. Table 1 and 2 show the most and least commented languages used in open source code.

• Myth: GPL Version 3 is being ignored
  First released in June 2007, GPL version 3 has grown from zero to over 6,300 projects. In terms of project adoption, it has surpassed the CPL, Mozilla, MIT and Apache licenses. GPLv3 is now the fifth most chosen license in the open source community and if the current trend continues, it will surpass BSD for the number four spot in a year or two. About 70% of all open source projects use a variant of the GPL license. For further information about GPL version 3 adoption, please visit the Open Source Resource Center (www.blackducksoftware.com/oss) on the Black Duck website.

Black Duck’s KnowledgeBase is fundamental to our enterprise productivity solutions that streamline hybrid development, an approach which safely and effectively combines homegrown, open source and other third-party code. Black Duck regularly sends KnowledgeBase updates to customers via the Internet. Our enterprise solutions help application developers manage code usage including finding code to reuse, monitoring security vulnerabilities, automating the code approval process and validating that no unapproved code has leaked into a code base. This enables software development organizations to reap time-to-market benefits and cost reductions by reusing open source software while effectively managing security, licensing, export control and other issues associated with open source and other forms of external software.

About Black Duck Software

Black Duck Software is the leading global provider of products and services for accelerating software development through the managed use of open source and third-party code. Black Duck™ enables companies to shorten time-to-market and reduce development and maintenance costs while mitigating the risks and challenges associated with open source reuse, including hidden license obligations, security vulnerabilities, unsupported open source and version proliferation. The company is headquartered near Boston and has offices in San Francisco, Amsterdam and Hong Kong, as well as distribution partners throughout the world. For more information, visit www.blackducksoftware.com.

# # #

Black Duck, Know Your Code and the Black Duck logo are registered trademarks of Black Duck Software, Inc. in the United States and other jurisdictions. Koders is a trademark of Black Duck Software, Inc. All other trademarks are the property of their respective holders.

Press Contacts

Click on a thumbnail for a larger image.

Figure 1: Open source files in the Black Duck KnowledgeBase sorted by file type.

Figure 2: Open source in the Black Duck KnowledgeBase analyzed by line count and sorted by type.

Tables 1 & 2