Interesting. Equally interesting is that applications developed in-house perform better (especially on the CWE/SANS top 25) than both commercial and open source submissions.
With respect to those graphs, there's no way to determine the relative complexity of the applications, the size of the team working on them and the average experience of the programmers.
I suspect that a lot of the difference between the in-house application and the open-source application is that (I'm assuming here) the in-house application is developed by a small team of competent programmers with a solid plan and strong management, whereas the open-source project may be developed by a huge team of unknown quantities, with a fag-packet plan and volunteer management.
__________________
It is by coffee alone I set my mind in motion...