by eridius 3371 days ago
Open source software has plenty of high profile security disasters too. Pretending otherwise is either ignorant or disingenuous.

Unluckily this is true. But there is a central difference: If such a security bug occurs in open source software, you can in principle look for the bug source yourself to fix it to secure your computer against attacks. If it is closed source, this is hardly possible or often such a self-defense is even illegal.
In theory yes, but just to take one well-known example, the Heartbleed SSL bug was introduced in 2012 but wasn't found until 2014.
At least it can be patched. If the equivalent bug occurred in a closed source ARM SoC driver, it would NEVER be patched.
Why wouldn't it be? If a vendor doesn't patch their drivers to fix security issues, people will stop using their products.