Good news for the PHP developers, the PHP community and the whole Open Source community in general as the coverity Report finally hits the street.
The Coverity Report was instigated by the U.S. Department of Homeland Security as measure to test the large Open Source Projects with its range of static analysis tools. This to measure the quality of Open Source projects. The main focus has been software that makes up the LAMP stack. (Linux Kernel, Apache, MySQL, and Perl/PHP/Python). The report confirms these projects have a much lower defect rate than most others. Not that this is startling news, but nice to see confirmation.
Long time PHP friend MySQL faired well in the testing with 136 defects reported, that sounds alot, but is meerly 0.224 errors/kloc, nice work. This went one step further for the SQL giant with a certified version of MySQL with zero defects, outstanding!
PHP has done well also with just 42 or 0.474 error/kloc detected bugs from coverity. This is a little better than the average of 0.490 reported for 32 projects tested. PHP devels have had a look at the report and have confirmed them as not true bugs, but more pieces of code Coverity does'nt like and this is after the initial 214 defects when the false positives have been removed.
The Coverity report looks like it is here to stay with a three year contract from DHS and it could prove very useful with the PHP project, you can see the report yourself after registering at http://scan.coverity.com.