For a long time there was a commonly held belief that open source products were inherently more secure because there was nothing hidden. The thought was that with the code for popular applications out in the open, there’d be scores of good guys looking at every line, and bugs and flaws would be few and far between.
Alas, this turned out to be a pipe dream: even the most examined code can still contain flaws so obscure and arcane that even highly skilled, incredibly talented coders can’t find them. Why? Usually because the good guys don’t have the time to play hacker as intensely as the real hackers do. For the bad guys, the rewards for finding exploitable flaws are tangible; for the good guys, the cost of not finding flaws far exceeds, by orders of magnitude, the value of the few flaws they do find, because those are the flaws most easily found.