
What would you think about a military strategist who publishes full plans of all important infrastructure? I think that person would be stupid.

Can this analogy be applied to open source?

Here is one possible scenario of an attack on open-source systems in the near future:

Say there is an enemy government with a big budget and all the needed resources. They create a supervirus which traverses the internet and looks at what type of open-source software a server uses. Then they download the sources for this software, automatically find vulnerabilities to attack these servers, and then use those servers to attack other servers. They can also use metainformation like records in version control systems about changes to the sources (for discovering errors like the Heartbleed bug). They can also build a database about the quality of the sources produced by each programmer and then concentrate on changes made by the more fallible programmers. By having full access to the sources and metainformation, they can use many other techniques to increase the probability of finding a vulnerability.

I think this type of attack is improbable today, but what about the future? From a strategic point of view, is it a good idea to build your civilisation on systems with public plans, without any control over who is viewing those plans?

user3123061
    Kerckhoffs's ghost rises from the grave and says "You are wrong". – Deer Hunter Apr 23 '14 at 06:00
  • @Deer Hunter: Kerckhoffs's principle is about cryptosystems, which are only a small subset of all types of systems. And what is true about cryptosystems can be untrue about other types of systems. – user3123061 Apr 23 '14 at 06:26

1 Answer


Heartbleed (yes, I'm sick of that word too) exposed a 'weakness' in the open source system. A small team, with only 1 full-time member, managed to become responsible for software that runs a good chunk of the internet. People assume that other people are vetting the code and finding problems, which may or may not be the case. There are probably very few people with the expertise necessary to fully understand a complex piece of software and identify any issues within it.

That said, I would rather use software where people can view the code, rather than rely on commercial software where the source code is only available to a select few.

Jay