US Government Studies Open Source Quality

anadgouda writes "US Department of Homeland Security has released a report on open source quality in an effort to study the security of open source. 31 popular open source packages were studied as part of this effort. From the article: 'Coverity's report, Stacking up the LAMP stack: a study of open source quality, was produced as part of a $1.24m, three-year DHS Science and Technology Directorate effort to evaluate and improve the security of open source.'"

There's something missing

[Captain+Lou]

"...has effectively given the Linux, Apache, MySQL and Perl/PHP/Python (LAMP) stack a healthy rating. LAMP "showed significantly better software quality" above the report's baseline with an average of .32 defects per 1,000 lines of code, according to Coverity. The average for open source projects analyzed is .42 per 1,000 lines." What would be interesting to know is how they determined a baseline of .32 defects per 1000 lines of code as their baseline, and how so called commerical products, like Oracle, Windows, MSSQL, etc. fared against the same baseline.

thats really the question isn't it? is Open Source more or less secure than any of the closed systems?