@scottalanmiller said in Is Open Source Really So Much More Secure By Nature:
@Pete-S I think if you look at that list and think about it, you'd see just how dramatically that list is telling us that open source is winning on vulnerabilities. Now, I still stand by my statement that the list is utter gibberish and means literally nothing whatsoever, BUT, let's assume that it means something and that the numbers are all true and directly comparable.
Now, let's look at the numbers that are bad enough to make the 2019 list (notice Linux isn't even on the list, it's all Windows and OMG cPanel!!!) with Fedora at 184 and Windows Server 2016 at 360. Fedora includes Linux, plus lots of other things, and includes every version of Fedora (about 31 releases in 2019.) Windows Server 2016 is a single release by comparison.
Now let's look at the size of the two. Fedora isn't just the tiny footprint that Windows is, no. It includes databases, video games, multiple products in every category... Windows Server 2016 is between 2-6GB. Each release of Fedora is around 250GB. It's apples to oranges. Windows is a tight OS with very few "extra packages" included in the OS. Sure it has Notepad, but the amount of bloat is small (in the OS itself.) Fedora may not install much by default if you don't want it to, but the entire OS is as much as 100x the size of Windows. Windows Server doesn't include Exchange or SQL Server. But Fedora includes several competitors to Exchange and myriad competitors to SQL Server, as examples. Plus half a dozen commercial video editors. Multiple web browsers, and on and on. Windows Server is also just the server release, but Fedora has Workstation, Cloud, and Server all lumped together as well.
That a single release of Windows Server has even 2% the vulnerabilities of the entire Fedora ecosystem collectively would be something. But that it has twice as many, lol. With some perspective, it's downright staggering how many more vulnerabilities Windows has per line of code.
Well, you said vulnerabilities don't mean it's less secure! Awesome! And you don't know how many lines of code there are in Windows. Or do you have access to the source? Some Windows customers do.
As far as I know there is NO research that shows that open source products are more or less secure than closed source products. The only research I've seen shows that there is no advantage to either system over the other.
So the correct answer to the OP's question is "No, there is no evidence that suggests open source is more or less secure by nature".
And before you start hammering on the keyboard - arguments and opinion are not proof.