A review which began in 2000 by Coverity Inc., (a company that sells a source-code auditing tools) has discovered that the Linux kernel contains surprisingly few flaws
. Work done to review the kernel using source-code analysis tools found that the core components of the operating system contain far fewer security vulnerabilities than would be expected from a typical commercial software package.
"The team found that the Linux 2.6 kernel has 985 bugs in its 5.7 million lines of code. By way of comparison, most commercial software is generally thought to contain between 10 and 20 bugs for every 1,000 lines of code; the Linux kernel has 0.17 per 1,000 lines of code.
Actually, of the flaws found in the Linux kernel, just a little more than 10 per cent were actually real security flaws. Most were problems that caused performance degradation, or buffer overruns flaws (which could still be considered to be security flaws.) In any case, it means that Linux is a pretty secure OS.