...to analyze 5.7 million lines of Linux code and come up with a crock of sh*t? According to this article, 5 researchers...4 years...for a combined total of 20 man-years. What that means is that if I started a line-by-line analysis of the Linux kernel when I was 6 years old, I would have just recently finished the task. Their conclusion?
"... the Linux kernel programming code is better and more secure than the programming code of most proprietary software..."
First off, to substantiate this claim, the same team (or a team with the same evaluation constraints) would need to evaluate a similar subset of proprietary software code (in this case, the NT kernel in Windows)...without this type of comparison, their "conclusion" holds no water whatsoever. Yes, I'm sure the Linux kernel code is indeed better and more secure than most (generic) proprietary software, but I'm pretty sure the equivalent Windows kernel code has been pretty well groomed over the decade-plus of its existence and is better than most proprietary software as well. That's beside the point though, as ultimately they are trying to compare apples to oranges...the article goes on to say this:
"Commercial software typically has 20 to 30 bugs for every 1,000 lines of code, according to Carnegie Mellon University's CyLab Sustainable Computing Consortium. This would be equivalent to 114,000 to 171,000 bugs in 5.7 million lines of code."
Note that the link to Carnegie Mellon's CyLab leads to a generic page...where are the real numbers behind this? And besides that, there is a huge difference between "Proprietary software" and "Commercial software"; i.e. Windows is both proprietary and commercial, whereas Linux (the kernel) is neither...Red Hat/Suse/Mandrake (ad nauseam) shipping their own distros of Linux are commercial, but not proprietary. Thus, the first italicized statement above simply cannot be substantiated until a similar code analysis can be conducted on a similar proprietary system. I guess the ultimate point I'm trying to make is that both Linux/Windows OS kernel code > general commercial software quality. Attempting to compare either kernel to general commercial software is a claim that simply cannot be made. But the author does just that...she equates MS code with generic commercial software, but puts equivalent Linux code into a class of its own, above and beyond commercial software. It doesn't get more biased than that, and it's kind of disturbing that any reasonable editor of any dignified tech site would let an article like this get published.
Posted Dec 15 2004, 05:00 AM by Jayson Knight