A recent report showed that across all software projects, open source software had fewer bugs and security problems than proprietary software, but this statistic doesn’t paint the entire picture. Proprietary software often has teams dedicated to evaluating the security of their company’s software, but open source often lacks these teams. Static analysis tools can help companies identify problems in software, but they often result in numerous false positives that must be deciphered to find the important errors. This task takes large amounts of time and effort, something that isn’t always available to open source projects. In many instances, companies are coming together to fund code audits on important open source software, but many communities still lack the needed effort.
