Is open source software more vulnerable?
Do you think that more eyeballs looking at open source projects make all bugs shallow, or, quite the contrary, that some of these eyeballs looking at the code could be malicious and take advantage of the exposed code to attack your open source based systems?
Linus Torvalds, the creator of Linux, stated: "given enough eyeballs, all bugs are shallow". More formally, Eric S. Raymond wrote in his essay The Cathedral and the Bazaar: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone."
Apparently the U.S. government's Department of Homeland Security thinks otherwise. It is investing in an ambitious 3-year project aimed at improving the reliability and security of widely deployed open source projects. In late 2004 the
Can't wait to see whether the results of this project will confirm Linus' law or not. In my opinion, there is no general rule in this case. Open source is neither safer nor more vulnerable than commercial software. It really depends on what we are comparing. An open source project is going to be more or less reliable based on its popularity (nobody was interested in attacking Firefox until it became successful), the governance behind it, the size of the community (the more the better)...