Homeland Security Survey Takes First Pass at LAMP: Some good news, though I think the bug density would skyrocket once they moved passed the top 1% of projects and into the second and third-tier of open source stuff.
First results are in for the Department of Homeland Security’s vulnerability survey of some 40 Open Source projects. Early findings, released by Stamford University and source code analysis software vendor Coverity reveal that the LAMP stack has a higher-than-average code quality, with fewer than 0.2 defects per 1,000 lines of code.
Linux had a defect density of 0.335, compared to Apache with 0.250, MySQL with 0.224, PHP with 0.474, Perl with 0.186, and Python with 0.372. The lowest defect density was 0.051 for the XMMS (X Multimedia system) project, while the highest was 1.237 for the Amanda backup and recovery project.