In reference to Homeland Security spending $1.24M to test open source code, David Berlind noted that "No matter how this news is sliced, it isn't good for providers of commercial alternatives to these open source products." I disagree. Aside from the fact that the biggest providers of open source products are commercial providers (RedHat and Novell, for instance -- not to mention IBM and Sun) ...
What if such a study reveals the inherent problems with poorly documented changes to open source code? Homeland Security cannot force other government agencies to abandon Windows, UNIX, or Linux. (Have you ever known a programmer who can document code worth a damn?)
Without some central repository of changes to open source code, anyone could make a subtle change to open source code which might lead to vulnerabilities when that code interacts with some other (unanticipated) piece of open source code. Without some central organization testing each and every modification to open source code, vulnerabilities will creep in. Enter Homeland Security ...
The underlying assumption is that open source developers are more competent (and less mischievous) than those developing code for profit or those selling that code for profit. That strikes me as an extremely naive assumption.
You are also assuming that, should such a study find open source code to be less buggy, that the enterprise and the government would flock to it. I doubt that -- mainly because they will continue to want the service and support available only from commercial vendors -- whether they are RedHat or Sun, IBM or Novell.
If open source wins, RedHat will say "I told you so" ... and so will Sun or Microsoft if they are exonerated. IMO, more likely than not, in an unbiased study nobody will come out significantly better than anyone else.
It is certainly true that having the government debug your code for you is a significant advantage for open source developers, but it is also a Catch-22. If the government determines that open source is actually more vulnerable to bugs than commercial code, it will not fare well for Linux vendors who want to be taken seriously by the enterprise.
In the end, whether in the enterprise or in government, the user buys Linux from RedHat (or whomever), Solaris from Sun, or Windows from Microsoft depending upon their needs, their budget, and their faith in the vendor. If the vendor fails to provide the quality and service they promise, then they will lose the business the next time around.
I would maintain that no code is perfect, and that a code's stability is more closely related to its maturity than any other single factor. In the end, Homeland Security cannot force other government agencies to abandon Windows, UNIX, or Linux. All have their place in government, and in the enterprise.