Wednesday, November 7, 2007

LAMP: an in-depth look

The most popular open-source software is also the most free of bugs, according to the first results of a U.S. government-sponsored effort to help make such software as secure as possible. The LAMP stack of open-source software has a lower bug density--the number of bugs per thousand lines of code--than a baseline of 32 open-source projects analyzed.

The LAMP stack includes the Linux operating system, the Apache Web server, the MySQL database and a scripting language--PHP, Perl or Python. It has been pushing its way into mainstream corporate computing as a rival to Java and Microsoft's .Net.

In our analysis, more than 17.5 million lines of code from 32 open-source projects were scanned. On average, 0.434 bugs per 1,000 lines of code were found. The LAMP stack, however, seemed to show significantly better software quality, with an average of 0.29 defects per 1,000 lines of code. PHP, the popular programming language, is the only component in the LAMP stack that has a higher bug density than the baseline.

Among the other open-source projects we scanned, the Amanda backup tool had the highest number of bugs per 1,000 lines of code, with a bug density of 1.237. The lowest was the XMMS audio player, with 0.051 defects per 1,000 lines of code.

In absolute numbers, most defects were found in X, the low-level graphical interface software for Linux and Unix: we found 1,681 defects in X. With only six defects, XMMS also scored best in absolute numbers.

Our analysis looked for 40 of the most critical security vulnerabilities and coding mistakes in software source code. The analysis can't be used to compare the security of open-source code with that of proprietary code, because proprietary source code is not available for scanning without heavy decompilation.
