Open-source code quality as good as proprietary software


The quality of open-source code matches or exceeds that of proprietary software, according to the 2011 Coverity Scan Open Source Integrity Report.

According to The Inquirer, researchers combed through some 37 million lines of open source code and 300 million lines of proprietary code before arriving at their conclusion. The former was determined to have an average of 0.45 defects per thousand lines of code, while the latter had 0.64; the defect density for the software industry as a whole was pegged at 1.0. In comparison, top open source projects such as Linux 2.6, PHP 5.3 and PostgreSQL 9.1 had defect densities of 0.62, 0.20 and 0.21 respectively.

Of course, defect density is just one metric for measuring the quality of a software project, and the report does not concern itself with other important issues, such as resistance to denial of service (DoS) attacks or even good programming practices. That said, the recent release of pcAnywhere's source code and the subsequent discovery of at least one DoS vulnerability does make the advantages of an open source strategy abundantly clear.

On the other hand, open source projects are increasingly being targeted by hackers who break into source code repositories and insert surreptitious backdoors. Ultimately, the research simply suggests that businesses should not reject open-source software outright, but should conduct the appropriate security audits on all software deployed within the enterprise, whether open source or proprietary.

