Open source vs. closed source software: towards measuring security.