"The head of Microsoft's security response team argued here
Thursday that closed source software is more secure than open
source projects, in part because nobody's reviewing open source
code for security flaws."
"Review is boring and time consuming, and it's hard," said Steve
Lipner, manager of Microsoft's security response center. "Simply
putting the source code out there and telling folks 'here it is'
doesn't provide any assurance or degree of likelihood that the
review will occur."
"The comments, delivered at the 2001 RSA Conference, were a
challenge to one of the tenets of open source, that 'with many
eyes, all bugs are shallow.'"
