Do you believe in security through obscurity? (e.g. closed source is best for security?)

Since this is a Ubuntu/Linux forum, I doubt it. However, there's another question: if there's a severe security hole in a program, should you: A) Cover it up and patch it, then release the patch, not telling anyone, or B) Tell people about the hole, so they can defend themselves against it, then release a patch?

C should be the universal answer, proprietary or otherwise.

When open source software companies find security problems they patch it first, then tell everyone about it. That's the best way.

With a possible exception of a very new hole that you can fix quickly, tell everyone so they can be prepaired. But, you need to actually accept the help. If you tell everyone and then don't use the help needed, then you will be shooting yourself in the foot.