Is Open Source more secure then closed source ?

[Lovechild]

Mark Cox has some very good statistics up comparing RHEL3, FC3 and Windows, Linux consistently had lower number of days of risk as well as an overall lower number of critical flaws (by Microsoft' own standard).

His blog can be found here and is regularly updated with security statistics and information:
http://www.awe.com/mark/blog

Looking at the numbers, free software beats closed software hands down when it comes to security in every study I've read (except those sponosored by Microsoft for some reason).

That being said we are only better than an absolutely terrible option, that doesn't make us good - the best distro from a security stance would probably be Fedora Core with SELinux turned on as they currently are the only mainstream distro to deploy proactive security.

[kingmonkey]

lol - I voted closed source as a laugh. because it was obvious no one else would.

I get my kicks in strange ways.

There should be a "Dont know/care" option.

[egon spengler]

Well I'm no programmer but speaking as a layman, on the face of it I can't imagine why one would be intrinsically more secure than the other. Yes with Linux there may well be peer review, it's not as if Microsoft has never had bugs/exploits reported back to them by end users though is it.

Another point, people here tend to take the attitude of closed = MS and open = Linux. It ain't as simple as that and so to compare the worst examples of slothfulness from a closed source organisation against the best examples of open source seems an unfair comparison to me.

Windows may or may not be poor quality but it doesn't follow from there that all closed products are similarly poor/mediorce/great (some of you seem to think it does) and of course Linux may or may not be great but it doesn't follow that... well, you get my point

[commodore]

It's hard to say. I think security means "number of choices for attacking" when talking about software. If something's closed source, people don't usually read the code and don't find mistakes, but a "hacker" can find the attacking holes because they are there. When something is open source, people will read the code and fix the mistakes so there's nowhere to attack for the attackers, but if it's open source hackers can read the code as easily as others. So if an open source project is popular and has good development policy (like BSD-s) then it's more secure but if it's unpopular (noone reads the code) then it might be more unsecure. The safest thing must be unpopular closed source