Open-source code is more prone to severe flaws than commercial software, but bugs get fixed more quickly, according to revealing new research from application security firm Veracode.
V3.co.uk gained exclusive early access to the vendor's Open Source Ratings Database project, a centralised repository of open source security ratings which includes analysis of around 100 popular enterprise applications including Firefox, Apache, MySQL and JBoss.
The latest findings from the project rated just 24 per cent of open-source software as meeting an "acceptable level of security", and commercial software marginally worse with 23 per cent.
The stats also revealed that 23 per cent of open-source and just five per cent of commercial software contained at least one high severity flaw.
"All code is pretty bad, whether commercial or open-source, but the fixes are done more quickly and efficiently with open source. There are more eyeballs on the code, and [programmers] seem to take more pride in their work," said Veracode president and chief executive Matt Moynahan.
Security issues in open-source software typically take less than a week to remediate and report on, or three man hours of effort, according to the research.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago