by scarface74 3371 days ago
Good, responsible companies don't let that become a barrier to doing the right thing.

Despite what Stallman would have you believe, open sourcing your own code is neither right nor wrong. It's just a choice.


It's most definitely a quantifiable, collective wrong when that choice leads to a total security disaster like the embedded ARM situation. It might not be so bad if they bothered to update their drivers, but they don't even let other people try to do so.
Open source software has plenty of high-profile security disasters too. Pretending otherwise is either ignorant or disingenuous.
Unluckily, this is true. But there is a central difference: if such a security bug occurs in open source software, you can in principle look for the bug source yourself to fix it and secure your computer against attacks. If it is closed source, this is hardly possible, or often such self-defense is even illegal.
In theory yes, but just to take one well known example, the HeartBleed SSL bug was introduced in 2012 but wasn't found until 2014.
At least it can be patched; if the equivalent bug occurred in a closed source ARM SoC driver, it would NEVER be patched.
Why wouldn't it be? If a vendor doesn't patch their drivers to fix security issues, people will stop using their products.