Does open source lead to more secure software, less secure software or does it not make a difference one way or the other?

Here's what I culled from a 3-minute trawl of my inbox.

First, Conservative shadow chancellor George Osborne, no less, put out another chapter in his emerging tech manifesto, extolling the wonder of open source and berating the Government for its inability to see the light. His job is to berate governments, which tend to be easy targets, and open source software makes a hard bat.

That, predictably, prompted one vendor with an axe to sharpen, Fortify Software, to remind the media of a report released last July by the company that found fault with security patching in 11 Java packages. Disclaimer: Fortify sells software assurance products.

Inevitably, a number of sources have slated Fortify in turn, and one, Coverity, has even come up - hey presto! - with its own report showing that, on the contrary, open source programs had fewer flaws than closed source, not more.

Any more out there? There is an air of unreality about all this, like trying to talk rationally about your parents' marriage.

Postscript: Spotted an interesting post on Slashdot on the topic of defending open source against Microsoft ISVs, but then again anybody who cares probably already knew this.