by jimlei 4300 days ago
Won't complain FOSS/OSS has its drawbacks, but everything has two sides.

I might be a strange case, but I just have this feeling "real" companies spend their $$$ on meetings in Bahamas and Ferraris, while FOSS/OSS would be more open to security audits/etc.

A company with money on the line can (also) easily be shut down or acquired. I imagine a FOSS/OSS team would be demanding more guarantees for the future of the project, while "in it for the money" companies would take the check and not give a damn if it was shut down the same day.

"Real" companies often seem to push releases/features (prematurely?) to attract new customers. That the new features pass review/QA doesn't necessarily mean they are implemented right (goto fail?). In addition, FOSS/OSS have public bug trackers; I'd rather know there are x number of bugs labeled "security" in my OS than not being told at all.

Support can (should?) be where open source makes money; there are lots of FOSS/OSS projects out there offering paid support/installations/SaaS.

And the unknown collection of open source developers _may_ be a much better collection of security specialists/coders than in the "real" company. As most of FOSS/OSS is done voluntarily you don't have to pay huge paychecks for top of the line expertise.

Bottom line, I trust Debian (& co) and Mozilla. I don't trust Microsoft, Apple and Google.

This is 100% biased as to what I think. I understand that this is a two-sided issue, and fully understand people who think like you sketched out. I'm just not one of those people :P