by microkid 5858 days ago
No offense, but level playing field is ridiculous.

Think about what you're saying, you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

As per China having the source, do you really think it matters? If someone wants to break in, they're going to get in... (regardless if it's Windows/Linux/Mac) why... because that's their job and they are going to spend every minute of every day until they figure it out, and that's what makes them better than you. Majority of the time the issue is not software itself, but the policies in place. Hell, why even break in technically, when I can probably call one of these 10,000 employees up and they'll give me their password. Duh.

If you believe security is 1-dimensional, then you are bound to fail. History has shown this time and time again, just read a book / biography in regards to this topic.

3 comments

More importantly but less vociferously, by Google switching to an open source OS, it means anyone, anywhere, can fix vulnerabilities. Not just Google.

Considering the difficulty of patching security holes in proprietary software versus patching holes in open software, Google indeed would hugely benefit by drastically reducing the difference between the cost of defense and the cost of cracking.

It's not so much levelling the playing field, as removing Harrison Bergeron's buckshot-filled equality harness.

Switching to an open source OS? OSX is a mix between open and closed source software where quite a bit of its open source code is not updated frequently. Google can't patch Preview, Quicktime, Safari or any other closed source program developed by Apple. Also, Apple is not famous for quickly patching OSX[1]. Quoting Charlie Miller[2,3]: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town."[4]

[1] http://www.zdnet.com/blog/security/apple-fixes-old-java-for-...

[2] http://www.dailytech.com/Charlie+Miller+to+Unveil+20+Zeroday...

[3] http://en.wikipedia.org/wiki/Charlie_Miller_(security_resear...

[4] http://www.forbes.com/forbes/2010/0412/technology-apple-hack...

Google employees probably won't be using Safari but it is 95% open source (WebKit). iTunes would be a better example.

> you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

It's not crazy to pay someone on their security teams to review checkins to OSS apps they use. Saying 'OH MY GOD' loudly and repetitively doesn't constitute an argument and is rude to the parent poster. Be civil.

> Think about what you're saying, you're saying Google is going to sit there and review all of the source code, and all patches and new releases to that source code. Really? Do you actually believe this...

Maybe not Google by itself, but the sum total of everyone reviewing all the source code and sharing what they know is that it's far easier to develop a more complete security profile for Linux than it is for a proprietary system we can only study by reverse engineering.