It would be a terrible idea for them to be open source.
Open source only works when the value of using an exploit is less than the value of reporting and patching the exploit to the individual or group that discovers it.
Thats horse shit. For one thing most of the people that contribute to open source projects do it for non monetary reasons. As soon as you let in the corporate contributors code quality goes down. Look at how microsoft and redhat are destroying the linux kernel and the value of getting an exploit into that is nearly priceless. The cia had to literally position trannies to do hostile takeovers of open source projects so they could inject bugs into them. Obfuscation by definition is not security.
People are more likely to keep zero-days hidden in election software so that they can just exploit it and get their politician in office.
How can you keep a flaw hidden in plain site. Trust me election code would have every possible eye looking at it. Asymmetric encryption and all other encryption algorithms are open source and it keeps everything in the world secure.
That would only be true if only one person or group found the exploit and could guarantee no one else had found it.
Or multiple groups wish to profit from it individually.
If too many people know about the exploit it's too risky to use, since none of them can trust the others not to blow the whistle.
(post is archived)