[btilly]

If a vulnerability is found in open source code, people will try it on yours. So they won't be finding it directly in yours, but that is not protecting you.

The real consequence is that how secure a product is depends more on the project than on whether it is open source. Apache and OpenBSD are two examples of very good open source code. Java and Rails are two examples of not so good open source code.

Google's website is an example of good closed source code. The software shipped by Linksys is an example of bad closed source code.

[LucasCollecchia]

I get that there are different levels of quality regardless of the type of code. I was more interested in the security effects of hiding code after the open source community has had a chance to deal with vulnerabilities. None of the examples you gave were specific to code which has transitioned between open to closed.

What I've gotten from your answer so far is that it isn't an effect which is general, and it'll depend on the project in question. Am I on the mark?

[btilly]

Yes. Opening closed code is always going to be problematic. But closing opened code can go either way.