by EJTH 3520 days ago
All software has security flaws; in open source it is simply easier to find these. Also, the quality of open source varies a lot.

Just take Drupal as an example: it is used A LOT, but isn't really pretty to look at codewise. Also, it has had its share of vulnerabilities, which are very easy to find, partly because all source code is readily available.


Couldn't you then say that OSS software has more people looking for flaws to patch, so it would be more secure - not less?

I suppose it does vary by project though.

It's a double-edged sword, of course, but for the financial sector the money saved on open source would be peanuts in the grand scheme of things.

A proprietary CMS may very well be holed like a Swiss cheese, but it will not be as obvious / easy to find the holes when you can't look at the source code; you are basically left with fuzzers and manual / brute-force injection as your only viable point of entry.