From: http://www.opensource.org/advocacy/faq.php
Doesn't closed source help protect against crack attacks?
This is exactly backwards, as any cryptographer will tell you. Security through obscurity just does not work.
The reason it doesn't work is that security-breakers are a lot more motivated and persistent than good guys (who have lots of other things to worry about). The bad guys will find the holes whether source is open or closed (for a perfect recent example of this see The Tao of Windows Buffer Overflow).
Closed sources do three bad things. One: they create a false sense of security. Two: they mean that the good guys will not find holes and fix them. Three: they make it harder to distribute trustworthy fixes when a hole is revealed.
In fact, open-source operating systems and applications are generally much more security-safe than their closed-source counterparts. When the "Ping o' Death" exploit was revealed in 1997 (for example) Linux had fix patches within hours. Closed-source OSs didn't plug the hole for months.
Alan Cox has written an excellent article on The Risks of Closed Source Computing.
Simply substitute the word "source" with "posting exploits".
Look, the only point I'm making is how in the world are we (honest, non-exploiting, Admins/GameMasters/Coders) supposed to battle against a bunch of script kiddies when we have no clue what in the world they're doing?
Note that this isn't a comment on the original problem and/or the proposed fix. I've simply been doing some reading on www.opensource.org recently, and this caught my eye.