I'd be surprised if Coverity didn't sign an NDA not to disclose any results of any scan against MS authored code.

Searching through their news releases turns up little.

There's indication that Coverity integrates it's products with MS tools for example. But that scans code I author with said tool (my understanding). No indication that it was used to scan the tools software code base.... the code MS itself authored.

There's a potential teaser in an article on defect density indicating:

the book ‘Code Complete’ by Steve McConnell has a section [snip] that provides an example for Microsoft Applications which have about 10 – 20 defects/KLOC during in-house testing and 0.5/KLOC in released product

Additionally, with all MS-related stats, there's always the question with regards what exactly was measured. After all, what was allowed to be released by MS could be the "best two" apps that were rated while the rest are significantly heavier on the bugs.

As a result, I suspect MS is more of a partner then a customer.

So will I ask? Nah! It's just not that important to me when weighed against the mild curiosity I have.

[ Reply to This | Parent | # ]

• defects/KLOC = smoke and mirrors - Authored by: cjk fossman on Tuesday, May 07 2013 @ 10:05 PM EDT