What exactly is your argument? That closed-source is more secure than open-source, because there are no 'guarantees' that the open-source project gets the security audit it needs?
Hogwash.
There is no guarantee that just because something is closed-source, it's going to be 'safer' or necessarily 'more secure'.
Billion-dollar security industries have risen because Microsoft won't/can't fix its bugs.
You might wish I had said that closed-source was more secure than open-source, but I didn't say that.
However, I am pointing out that the argument of "open-source is more secure because lots of security researchers worked hard to find all the bugs" necessarily leads to the conclusion that Windows is the most secure thing ever. Armies of people have looked at that, both internally and externally.
I also said nothing whatsoever about "guarantees." But the idea that the very expensive labor needed to look through a code-base for vulnerabilities somehow shows up for free merely because a project is open-source is deeply flawed.
I did not claim that Windows was the most secure thing ever. I was just giving the logical result of "the most audited code is the most secure code."
Yes, lots of people have looked at the Linux kernel. Looking at something doesn't make it more secure. In fact, Linus has to spend some of his time dealing with assholes who decide the best way to submit pull requests is by making petitions on change.org to get Linux to change its RNG.
If right now a thousand PHP developers decided to look at qmail's source to look for bugs, djb would just think "oh shit, now I have to deal with that today." You need people highly skilled in the art. The most high-profile open-source projects can muster that for free, but by definition most open-source projects cannot be the most high-profile.