Open source software is as secure as or more secure than commercial software, has faster bug-fix turnaround, and contains fewer backdoors, according to a study released today by VeraCode.
“The study, published on the first day of the RSA Conference, is based on aggregated data from real world scanning of billions of lines of code and thousands of applications by the code quality assurance and security firm,” The Register’s John Leyden reported. “Open source is as good if not better than commercial packages in key metrics accessed by VeraCode, which argues the findings dispel the myth that open source is inherently riskier than commercial code.”
The turnaround time for bug fixes was the most noticeable difference between commercial and open source software.
“Open source applications took only 36 days from first submission to reach a passing security score, compared to 48 days for internally developed apps and 82 days for commercial applications,” Leyden reported.
VeraCode said that because of transparency, there were fewer backdoor vulnerabilities in open source software.