The quality of open source code has improved over the last two years, according to an audit sponsored by the US Department of Homeland Security. The security and quality of more than 250 open source projects - including Apache, Linux, Firefox and PHP - was assessed using code analysis tools from Coverity as part of the federal …
So how does this compare to closed source code?
Null pointer refs
Buffer overflow flaws are the staple of most security bugs but experts warn that null pointer bugs could become fertile ground for hacking attacks. "Null pointer security flaws are exploitable and could quickly replace buffer overflows as the next big threat," said Geoff Sweeney, CTO of Australian-based net security firm Tier-3.
Not true. Null-pointer refs normally aren't exploitable, but, in certain cases, can be. It depends on how the null pointer is used.
That's the problem with closed sources. We don't know. Someone with access to the source code would need to parse it through and only after obtaining an NDA I expect.