%0 Journal Article
%J AMCIS 2009 Proceedings
%D 2009
%T Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities
%A Schryen, Guido
%K closed source software
%K empirical comparison
%K open source software
%K security
%K Vulnerabilities
%X Reviewing literature on open source and closed source security reveals that the discussion is often determined by biased attitudes toward one of these development styles. The discussion specifically lacks appropriate metrics, methodology and hard data. This paper contributes to solving this problem by analyzing and comparing published vulnerabilities of eight open source software and nine closed source software packages, all of which are widely deployed. Thereby, it provides an extensive empirical analysis of vulnerabilities in terms of mean time between vulnerability disclosures, the development of disclosure over time, and the severity of vulnerabilities, and allows for validating models provided in the literature. The investigation reveals that (a) the mean time between vulnerability disclosures was lower for open source software in half of the cases, while the other cases show no differences, (b) in contrast to literature assumption, 14 out of 17 software packages showed a significant linear or piecewise linear correlation between time and the number of published vulnerabilities, and (c) regarding the severity of vulnerabilities, no significant differences were found between open source and closed source.
%B AMCIS 2009 Proceedings
%P 387
%U http://epub.uni-regensburg.de/21296/1/Schryen_-_AMCIS_09_-_Security_of_open_source_and_closed_source_software_-_Web_version.pdf
%> https://flosshub.org/sites/flosshub.org/files/Schryen_-_AMCIS_09_-_Security_of_open_source_and_closed_source_software_-_Web_version.pdf

%0 Journal Article
%J Software, {IEE} Proceedings -
%D 2002
%T Trust and vulnerability in open source software
%A Hissam, S. A.
%A Plakosh, D.
%A Weinstock, C.
%K closed source software
%K community of software developers
%K critical infrastructures
%K cyber criminal
%K open source software
%K PITAC
%K predictably reliable systems
%K predictably secure systems
%K software components
%K trust
%K users
%K vulnerability
%X Software plays an ever increasing role in the critical infrastructures that run our cities, manage our economies, and defend our nations. In 1999, the President's Information Technology Advisory Committee (PITAC) reported to the United States President the need for software components that are reliable, tested, modelled and secure, supporting the development of predictably reliable and secure systems that underscore our critical infrastructures. Open source software (OSS) constitutes a viable source for software components. Some believe that OSS is more reliable and more secure than closed source software (CSS), due to a phenomenon dubbed 'many eyeballs', but is this truly the case? Or does OSS give the cyber criminal an edge that he would likewise not have? We explore OSS from the perspective of the cyber criminal and discuss what the community of software developers and users alike can do to increase their trust in both open source software and closed source software.
%B Software, {IEE} Proceedings -
%V 149
%P 47–51
%8 02/2002
%N 1
%& 47
%R 10.1049/ip-sen:20020208