This study seeks to empirically investigate specific security characteristics of both open source software and proprietary software. Operating system software vulnerability data spanning several years are collected and analyzed to determine if significant differences exist in terms of inter-arrival times of published vulnerabilities and patch releases. Open source software is only marginally quicker in releasing patches for reported vulnerabilities. The arguments favoring the inherent security of open source software do not appear to hold up to scrutiny. These findings provide evidence to security managers to focus more on holistic software security management, irrespective of the proprietary-nature of the underlying software.
Sridhar, Sanjay; Altinkemer, Kemal; and Rees, Jackie, "Software Vulnerabilities: Open Source versus Proprietary Software Security" (2005). AMCIS 2005 Proceedings. 428.