Coverity claims open-source is “significantly” more vulnerable
Coverity, a subsidiary of Synopsys Inc., is controversially claiming that proprietary software is significantly more secure than open-source code.
The latest Coverity Scan open-source report (PDF) claims that static analysis defect density scans reveal how open-source software outpaced proprietary software in terms of quality through 2013 and 2014. In addition, the 2014 report compared compliance with security standards such as the Open Web Application Security Project (OWASP) Top 10 and the Common Weakness Enumeration (CWE) 25 most dangerous errors, finding that proprietary code is more compliant with such standards than open-source code.
There is a caveat readers need to be aware of, though: the survey results are somewhat convenient for Coverity, given that its main line of business is building tools for testing commercial software for vulnerabilities.
Coverity said it analyzed over 14,000 proprietary and 5,100 open-source software projects coded in the C, C++, Java and C# programming languages for its report. In total, it analyzed more than 10 billion lines of code. The company found that open-source software had a defect density of 0.61, after its tools scoured 500 million lines of code in 2,650 projects. This compared to a defect density of 0.76 for proprietary software, of which it scanned 9.1 billion lines of code in 8,776 commercial software programs. While this seems like a lot, Coverity says that the number of software defects is declining year on year.
Coverity also claims that commercial software vendors deal with security issues faster than open-source projects do.
“Even though both the commercial projects and the open-source projects had the same average time of six months of being able to fix issues, we have observed the trend that commercial software is tackling these security vulnerabilities at a relatively faster pace than compared to open-source software,” Coverity said.
The good news is that both proprietary and open-source software are becoming more reliable and more secure.
“If we look at the static analysis defect density data from this report, what we generally see is that both open source and commercial software are getting better all the time,” the report said.
What’s also clear from the report is that open-source and proprietary software are advancing differently, Coverity said. Open-source project developers are rapidly adding more features to their software, creating big improvements over earlier versions. Coverity says that demand for new functionality is the main driver behind this trend, though it comes at the expense of bug fixes.
On the other hand, proprietary software is becoming more stable and secure. That’s because competition and compliance with industry standards are the main concerns for commercial software developers, which necessarily means a higher priority is placed on things like bug fixing, stability and security.
Image credit: Personal Kaleidoscope via flickr.com