Open source bugs fixed faster than commercial software

By

All code is "pretty bad".

Open-source code is more prone to severe flaws than commercial software, but bugs get fixed more quickly, according to revealing new research from application security firm Veracode.

The vendor's Open Source Ratings Database project is a centralised repository of open source security ratings which includes analysis of around 100 popular enterprise applications including Firefox, Apache, MySQL and JBoss.

The latest findings from the project rated just 24 percent of open-source software as meeting an "acceptable level of security", and commercial software marginally worse with 23 percent.

The stats also revealed that 23 percent of open-source and just five percent of commercial software contained at least one high severity flaw.

"All code is pretty bad, whether commercial or open-source, but the fixes are done more quickly and efficiently with open source. There are more eyeballs on the code, and [programmers] seem to take more pride in their work," said Veracode president and chief executive Matt Moynahan.

Security issues in open-source software typically take less than a week to remediate and report on, or three hours of effort, according to the research.

Open source bugs fixed faster than commercial software
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
centcodecommercialopenopensourcesecuritysoftware

Sponsored Whitepapers

Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Events

Most Read Articles

Rio Tinto AI tool aids defect elimination in rail operations

Rio Tinto AI tool aids defect elimination in rail operations
Curtin University makes headway on 'radical' tech shakeup

Curtin University makes headway on 'radical' tech shakeup
GO Markets chases former CIO over IT contracts

GO Markets chases former CIO over IT contracts
Salesforce blocks AI rivals from using Slack data

Salesforce blocks AI rivals from using Slack data
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?