Business Week Online
Insecurity in Open Source
What open-source developers can learn about security and quality from—gasp—makers of proprietary software
OCTOBER 6, 2006
Viewpoint By Ben Chelf
Debates over what methods result in the best software often pit those who favor an open-source approach against proponents of proprietary, or closed-source, development. Conventional wisdom holds that open-source software should have fewer security flaws than proprietary software. With more eyes able to look at the underlying source code, bugs should be found and squashed much faster.
But when software security and quality really matter—like crossing the Atlantic on a jet airliner—trust me, you want to fly proprietary.
That conclusion is based on my company's involvement in testing software security and quality. Working with the Homeland Security Dept. and Stanford University, my firm, Coverity, has closely analyzed 50 of the most popular open-source software projects, scanning more than 20 million lines of code daily. We publish those results here on the Web.
BUG TO BUG COMPARISON. For the first time, we've compared those results with proprietary software from more than 100 different companies, including some of the best-known names in aerospace, financial services, software, and telecommunications—more than 60 million lines of code all together.
In our research using automatic bug-hunting technology, no open-source project we analyzed had fewer software defects (per thousand lines of code) than the top-of-the-line closed-source application. That proprietary code, written for an aerospace company, is better than the best in open source—more than five times better, in fact. That company's software won't let you down when you're flying from New York to London.
Of the more than 150 open-source and proprietary software applications that we have analyzed in this study, closed-source software code grabbed 11 of the top 15 spots for the highest quality and security.
Full article at:
http://www.businessweek.com/technology/content/oct2006/tc20061006_394140.htm...