A major difference between proprietary and open-source software is that the latter's source code is available to everyone, including hackers. While that means less skill is needed to find vulnerabilities, there is no shortage of experienced developers who can do the binary reverse engineering needed to find as many flaws in proprietary applications, Royal said.
"The primary difference will be in the level of skill at which a person can reverse engineer to discover that vulnerability," he said.
Commercial vendors will place protective layers over their code to prevent the theft of their intellectual property, Royal said. But that has not stopped hackers from exploiting a steady stream of vulnerabilities in Microsoft Windows and Adobe Flash, examples of popular applications often targeted by cybercriminals.
Therefore, the ubiquity of the software is what dictates the risk, Royal said. The more popular it is among consumers and businesses, the more likely criminals will look for flaws and develop malware to exploit them.
"In general, software used by many people is going to be targeted," he said.
While that may be true, a hacker is still likely to find open source software easier to crack, said Murray. "I never recommend anyone use open source software for critical applications unless you are going to maintain it yourself and, of course, inspect it and keep it safe," he said.