Study claims that open source software is a security risk
A study released earlier this week was critical of open source software after evaluating 11 such projects over the course of three months. "Open Source Study--How Are Open Source Development Communities Embracing Security Best Practices?" was put together by Fortify Software and consultant Larry Suto to gauge whether open source projects adhere to security best practices.
Various active projects were evaluated on their responsiveness to security questions and to vulnerability findings, among other metrics. The application server Tomcat came out on top, though all the other projects gave a dismal showing. Jacob West, manager of Fortify's security research group, summed up what he thinks of the problem: "In two-thirds of these cases, you didn't get a response at all."
To read more about the security risks of open source software:
- check out this Network World article



