Comment Re:So you've done your own audit then, yes? (Score 2, Insightful) 273
I didn't read the parent so I don't know just how much faith it put into OSS as opposed to CSS, but I think your argument goes too far in the other direction.

But my point here isn't to attack OSS, if that's what you are thinking, just to point out that this warm, fuzzy feeling that many people get from the openness is a false sense of security. They think because the code is open, and able to be checked, it means that there's nothing bad in there. Well, that's probably true, but only in the same way it's probably true that if you buy retail software it's also free of malware. Neither is a guarantee of anything, and since 99.999% (or more) of people aren't actually using the openness to do their own audit, it's a false sense of security.
Neither OSS nor CSS can guarantee the absence of malware, but to suggest that, if you do not do your own audits, OSS and CSS are exactly equivalent in terms of malware risk is absurd.
Even if 99.999% of users are not auditing, as long as some users are auditing then OSS will be safer than CSS since auditing OSS is easier than auditing CSS and removing OSS malware is easier than removing CSS malware.
The difference may be small, but it is there. And I suspect it is not nearly so small as you suggest. Malware authors have a large incentive to use CSS to make their software harder to detect and remove and to protect their work from competitors.
So you are certainly right that OSS is no guarantee of safety, but definitely wrong that, without personal audits, it makes no difference at all.