@naive
I agree about the open source comment (see my comment further below) but your argumentation is flawed nonetheless:
"The world should really move on to OpenSource for this kind of stuff, in the end many eyes see more."
Actually they don't, not per definition. Think about the Debian OpenSSL disaster; the package maintainer had altered the source code. Not just that; he had altered the very engine of OpenSSL itself. Yet it took the Debian community approx. 3 years before the problem was discovered and fixed. Causing a major uproar because all keys and certificates which were created with this OpenSSL version were vulnerable.
Never underestimate how easy it is to overlook the obvious.
Still, I do agree with you but for different reasons. Open source usually has no commercial interests attached to their products. If they screw up then that's that: they screwed up and will admit to that. An example can be seen above. Yet you never know with companies such as these. Because they also got a reputation to keep in mind and will also want to secure their revenue. Trust me: their revenue has a much higher priority than doing the right thing in admitting that they've been breached.
Biting the hand that feeds IT
