Friday, August 12, 2005 4:02 PM
bart
Want to read nonsense? "The Committee to Fight Microsoft ... " - Just a little reaction
Take a look at this. In my opinion, this Andy Martin guy hasn't ever written a piece of code, nor does he know about the complexity of software nowadays. In fact, I want to quote the book "Exploiting Software" by Hoglund and McGraw, Addison-Wesley, 2004, on page 14 about "The Trinity of Trouble":
The number of bugs per thousand lines of code (KLOC) varies from system to system. Estimates are anywhere between 5 to 50 bugs per KLOC. Even a system that has undergone rigorous quality assurance (QA) testing will still contain bugs - around five bugs per KLOC. A software system that is only feature tested, like most commercial software, will have many more bugs - around 50 per KLOC [Voas and McGraw, 1999]. Most software products fall into the latter category.
Actually, I want to stress the fact that the latter sentence is based on research from 1999 and I do strongly believe that thanks to the "Trustworthy Computing Statement" by Microsoft and the various security pushes, things are becoming better. But let's continue.
To give you an idea of how much software lives within complex machinery, consider the following:
Lines of Code    System
400,000          Solaris 7
17 million       Netscape
40 million       Space Station
10 million       Space Shuttle
7 million        Boeing 777
35 million       NT5
1.5 million      Linux
3 million        Windows 3.1
<5 million       Windows 95
40 million       Windows XP
(...) One simple but unfortunate fact holds true for software: more lines, more bugs.
Now allow me to give you some up-to-date information about some products (source: Secunia):
These are just some figures, live from Secunia, but they give some relevant information in my opinion. I know figures are risky things, so I do expect to get a lot of feedback :-). Also check out Steve Riley's Secunia dashboard on http://www.steveriley.ms/sbr/default.aspx.
Filed under: Microsoft, Security