And how exactly would that work? Or is this just a case of "Microsoft is doing something therefore it must be Embrace Extend Extinguish"?

It's not just a bug, it's this bug. Clearly a bug this severe is a much more shocking revelation than say an issue with toolbar location persistence in libre office.

And it has dubious value given that this bug was committed, reviewed and accepted then extremely widely circulated despite many eyes being on it. It's not about having heaps of people look at it, it's about having a few people with the right knowledge and understanding of the system looking at it.

So what's the argument? That you have many eyes on it so this is less likely to happen than...what? Closed source software? Lower profile Open Source software? This is why it has dubious value, yes you might happen to fluke it but you're just as likely to have many eyes that completely miss it. Touting it as an advantage (even if it is in some circumstances) does it a disservice because you end up with people trusting that "it's open source so many other people are looking at it" and then you get a situation like this where it is used in literally billions of situations and the critical flaw was missed just like can happen in closed source projects. The advantage is the ability to find and fix issues yourself, not that many other people may or may not be doing it for you.

Well you need people that can fully understand a particular complex system to find the tough bugs, and you need a lot of them dedicated to it. I would say there is rarely ever enough, except maybe on the Linux kernel where the critical error rate is pretty low (though they do happen). Demonstrated by the key advantage of free/open source software being that it is easier/quicker to fix bugs in it, not that is necessarily more bug-free than proprietary software in general.

I didn't say anyone did, in fact such a thing is demonstrably false so I'm not quite sure what you say that.

No but when a bug this severe is discovered in something so widely deployed it certainly does damage the "many eyes" claim, it has about as many eyes on it as any open source program is likely to get so clearly that isn't the answer. Having "many eyes" doesn't necessarily diminish the quality, but obviously it doesn't necessarily improve it either so saying it's better because it has "many eyes" looking over it is disingenuous at best.

Perhaps it's that with an application this large you really need designers that have a consistent vision for what it needs to be like and every new feature that is introduced that requires a GUI element needs to go through a design process. If you switch designers you're likely to end up with inconsistent design throughout the application. People have their own opinions about how things should be done, if you lose a developer and he/she is replaced then whether he/she refactors the area of code they are responsible for has no visible impact on the user, but if a designer does that then the effect is immediate inconsistency.

Also maybe UI designers are less inclined to work for free? So you end up with UIs designed by programmers instead, they work the way a programmer thinks they should work which is rarely how an end user thinks they should work. A similar situation occurs with documentation.

The exception to this is probably Blender, the more recent UI improvements and high quality of documentation show the high level of community (by that I include production studios and independent hobbyists and professionals) interest, support and use of the product not to mention the contributions made to it. In professional circles photographers don't use GIMP, they use Photoshop just as most use MS Office over Libre/Open Office. Blender has some real, genuine advantages over its proprietary competitors, it isn't just a me-too, fast-follower product that copies a proprietary one and that is why it is successful.

Actually that was Eric Raymond, and it is evident that in fact there never are enough eyeballs (at least ones that can comprehend what they are looking at). The theory is sound but in practice it is not.

Of course, but it's those people that perpetuate the unrealistic expectations that have been put in their place. The fact that such people spread that nonsense is entirely the reason you have people now saying "a bug in widely used open source software?! how could that happen?!"

Or maybe because - unlike OpenSSL - nobody is running products like acrobat reader on their server which contains millions of usernames, passwords and the encryption keys that go with them that is vulnerable to this bug.

It isn't a matter of "every single bug in a piece of open source software", this is a hugely deployed piece of open source security software and you would expect that if the "many eyes" thing were indeed true then this is exactly the place it would be demonstrated yet what we have here is one of the most widely deployed critical security bugs ever. This isn't a condemnation of open source in any way, just of the misguided vocal advocates that pad their arguments with falsehoods rather than focussing on the real advantages of open source (like the speed at which bugs like this can be patched).

I know such claims have always been false and this is just more proof of it at the most prominent and non-theoretical level so I'm not quite sure what your point is. This alone didn't disprove the claim, it just added more proof (and at an extremely high visiblity) that the claim is false.

Well it does show that the often-used argument that open source is better because "I can review the code to make sure it is secure and not malicious" is false, not even the biggest vendors did that before using this code.