Re: Keep on spreading this nonsense...
Sorry, VoiceOfTruth, you are plain wrong.
The statement 'Open-source software has always been more secure than proprietary software' is true.
You seem to be mixing things up... Of course most users of any type of software never look at any of the code. You are right that reviewing existing code is time-consuming, boring, etc. But that is not relevant. The issue is the remaining difference in how many people do actually look at the code.
With proprietary code, generally 3-4 other people review new code/patches (is your experience different?). With OSS, the number who review new code/patches is very different for different projects - it may be very small or it may be huge (such as patches posted to LKML). I am sure the average, weighted by number of users around the world, is a bit larger - maybe 6-8.
But the real difference isn't the code review when the code was written. It is who reviews the code at a later date. When an issue occurs, such as a serious bug is found in one project, or a major hack occurs, the difference between proprietary code and OSS becomes extreme! The proprietary code remains at 3-4 people looking at the code. But the OSS turns into thousands of people looking at the code!
Take the recent polkit issue. I don't claim that being open or closed made any difference to the likelihood of the bug occurring in the first place. But now it has been found, many thousands of developers have looked at that code, related and nearby code, and (most importantly of all) similar code in other contexts (sudo, other OSes, etc).
This has led to much increased confidence in the quality of those other implementations. On the other hand, I am sure that Microsoft (for example) have had some people review their similar code in the Windows kernel, for the same reason - but that will be tens of people (at most), and no one outside Microsoft knows the results of that review (so users do not have an increased level of confidence).
The same goes for other major bugs found in Linux or other OSS. They all trigger a lot of open discussion about the problem, other related problems that may be in existing code, implications and impact of the bugs in different contexts, ways to protect against similar bugs or design patterns to avoid them in the future, review of other code which could have similar problems, the effectiveness or otherwise of possible operational workarounds where code cannot be fixed immediately, etc. All of those contribute massively to the security of the OSS projects being discussed - even before the code fixes are released.
That is why 'Open-source software has always been more secure than proprietary software'. Not because of some fiction that "many eyes" is about the number of people reading the code for the hell of it. The "many eyes" come into play once issues are found.