Re: A million eyes look at the source
It's not so much that having the source code solves all problems. It's that hiding the source code solves no problems and creates new ones.
If no-one can see the source code then it is very easy to make programs do things other than their advertised purpose. If anyone can see the source code, then you can try putting malware in your program, but you might get caught, so you are less likely to try. You might think that no-one will look at the code, but you can't be sure.
I think you're right that most code is not looked at, or not looked at in the right places by the right people. But exploits *are* found and fixed in widely used open source programs, so at least we can see something is working.
There are no certainties, only tradeoffs. A malware writer trades effort needed to make malware against expected value of information stolen. An end user trades effort spent attempting to prevent or detect malware against value of the information that needs protecting. Open source definitely increases the effort a malware writer needs to make to hide their work. Whether it reduces the effort you need to spend on prevention and detection probably depends on what you are doing.