Malicious backdoor in open-source messaging apps not spotted for 3 months

This is why auditing is important. Of course, if it were closed source it might never have been found.

A good reminder that open source is not absolute security.

 

Nothing is absolute security but the only way to detect is to be OPEN.

 

This has nothing to do with open or closed source. Exploits in closed source are "detected" all the time. This has more to do with the size of your development team, which directly affects the amount of peer review the code will get. You can bring in the usual preaching of "it's open so it will be reviewed" all you want, this clearly proves that people have better things to be doing than reading open source code.

 

The size and exposure in open source is infinite compared to close, one of the reason Linux is the flavor in critical servers and not anything else, same goes for all supercomps.