Uproar Over Open Source Security Story Continues
The headline “Open Source Code Contains Security Holes” on an InformationWeek article has grabbed a lot of attention. Two more blog posts on the topic:
- Coverity project outing open source flaws (Zero Day Security)
- Yellow Journalism and Software Bugs (Open Source Security)
And today there’s a follow-up blog post by “Security Holes” author Charles Babcock and a response from Paul Beach, a developer and administrator for one of the open source projects mentioned in Babcock’s original article:
- Oops, Look At That Phoenix, Rising From The Ashes (IW Open Source Weblog)
- Open Source Code Contains Security Holes (Paul Beach’s Blog)
Still missing is an answer to the key question: do open source applications have more security flaws than closed source ones? The Department of Homeland Security, sponsor of the open source testing, puts the estimated error rate at one security flaw for every 1000 lines of code among the tested open source software. How does this compare to closed source? Coverity’s announcement makes no mention of closed source error rates.
Can someone cite some statistics showing a difference between the two types? Post your stats, sources and comments below.