Yikes .. don't turn this into a holy war just yet (Score 1)

I think people are mildly misinterpreting this. There was no bias mentioned against open-source software whatsoever, just the mention that many open source projects do not contain outlines and whatnot for what they'd like to achieve as a project, and without having goals set have no method to be gauged sa to how secure they really are. However, this is just as true for open-source as it is for closed-source projects, and what makes it even more scary is the fact that they may meet a standard outlines in their product, but with a closed-source solution you have no way to prove that it was implemented and designed in a secure method appropriately. Closed-source products already imply a level of trust when you run their software that most people don't consider -- certain applications can do whatever they like behind the scenes and you may not even know about it. I believe the makers of rz/sz z-modem transfer suite attempted to implement an accounting system to see who was using their code silently, and because it was open-source, this was caught and dealt with. Who knows what various Microsoft or other-vendor closed-source projects are doing behind the scenes?

-gnp