The truth is that insecure code is not an open source vs. closed source debate. In spite of much tighter control of software development and management of source code, crucial security flaws are still frequently discovered in commercial software that customers pay a lot of money for.
"Finger pointing at the open source development communities or persons or processes isn't going to fix the problem," notes Andrew Storms, senior director of DevOps for CloudPassage. "Open source software along with commercial software will always have bugs."
So, while it's natural to look for a scapegoat for a flaw of this magnitude, it would be foolish to dismiss the many benefits of open source in the name of security.