
Unfound security holes in Unix-like OSs

What many people forget is that most reported potential vulnerabilities in Unix or Linux are just that: potential.

The advantage these systems have is that the code is open to inspection. Many (but obviously not all) of the reported holes are the result of buffer overruns identified by syntactic analysis of the source code. What is found is that buffers overlap, or have unbounded copy operations performed on them. This means that something will be affected, but it is unlikely that many of them have real security exploits, although DoS exploits may be possible.
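To make the "potential, not proven" point concrete, here is an added example (not from the original piece or any real project) of the kind of purely syntactic scan the text describes: it flags unbounded copy calls in a constructed source fragment without knowing whether the destination can actually be overrun, and shows the bounded form such a finding is usually fixed to. The function names, the `unbounded_calls` list and the sample source are all my own assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Library calls that copy without a caller-supplied bound: the pattern a
 * simple source scan looks for. A hit is a *potential* overrun, nothing more. */
static const char *const unbounded_calls[] = { "strcpy(", "strcat(", "gets(", "sprintf(" };

/* True if the line contains one of the unbounded copy calls. Purely syntactic:
 * it cannot tell whether the source string is attacker-controlled or whether
 * the destination is large enough, which is why the finding is only potential. */
bool line_has_unbounded_copy(const char *line) {
    for (size_t i = 0; i < sizeof unbounded_calls / sizeof *unbounded_calls; i++)
        if (strstr(line, unbounded_calls[i]) != NULL)
            return true;
    return false;
}

/* Counts flagged lines in a '\n'-separated source buffer. */
int count_unbounded_copies(const char *src) {
    int hits = 0;
    char line[256];
    while (*src) {
        size_t n = strcspn(src, "\n");
        size_t keep = n < sizeof line - 1 ? n : sizeof line - 1; /* our own copy stays bounded */
        memcpy(line, src, keep);
        line[keep] = '\0';
        hits += line_has_unbounded_copy(line);
        src += n + (src[n] == '\n');
    }
    return hits;
}

#define NAME_LEN 16
/* Bounded form of the flagged pattern: check the length first, then copy with
 * an explicit size. Refuses the input instead of overrunning the destination. */
bool copy_name_bounded(char dst[NAME_LEN], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_LEN) return false;
    memcpy(dst, src, n + 1); /* n + 1 includes the terminating NUL */
    return true;
}

/* Constructed sample source for the scan; not taken from any real code base. */
static const char sample_source[] =
    "void greet(const char *who) {\n"
    "    char name[16];\n"
    "    strcpy(name, who);        /* flagged: no bound on who */\n"
    "    strncpy(name, who, 15);   /* not flagged by this scan */\n"
    "    snprintf(name, sizeof name, \"%s\", who);\n"
    "}\n";
```

Whether the one flagged line is a real hole still depends on where `who` comes from; the scan alone cannot answer that, which is exactly the gap between a reported and an exploitable flaw.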

Contrast this to secret code. Only the code-owners and their trusted partners (who will have signed non-disclosure agreements) have this level of access. Most published exploits are real, with proof-of-exploit code available.

Which of these flaws is more dangerous? And how many more 'potential' or real exploits remain in secret code supplied to millions of trusting users? It really makes a mockery of comparing the numbers of reported flaws in closed and open software, as certain well-known OS suppliers do.

Open Source really is more secure, because ANYBODY can look at it to identify faults. And if they are any good, as well as finding holes, they can even fix them.
