I find the title irritating, as it seems to impugn open source software as a category. Why is the licensing model even relevant? A better phrasing would be something like "...flaw in a popular web framework" or "...flaw in Apache Struts."
Also, many open source proponents claim that open source software is more secure because the “many eyes” theory will lead to bugs and vulnerabilities being discovered sooner. This and other high-profile exploits like Heartbleed show that how well this theory applies in practice is questionable.
I find that conclusion presumptuous. Unless you can say how many bugs would have been discovered had the source been closed, it doesn't make sense to claim the opposite.
Also, do we know that e.g. this and Heartbleed were discovered by reading the source? If they weren't then the availability of the source code is inconsequential IMO.
Ah. Yes, I suppose. As it is easier to find exploits in service of closing them as well as in using them (security researchers seem to mostly come down on the side that this averages out as more secure). If that's what you meant, I apologise for the misinterpretation. This particular article doesn't make that point, though, so I remain with the feeling that mentioning the license model in the title is irrelevant and a bit misleading.