I don't agree with that entirely. I somewhat agree; having OSS software is a big plus, but only if the developers properly utilize it and you take advantage of it.
A good example of this is OpenBSD. They have extensive code auditing techniques, among other things they do in an attempt to ensure a secure OS. What they do, and on the budget that they do it, would be nearly impossible if they had to license the code from closed source vendors in order to look at it. And since it's OSS software, I can benefit from their efforts even though I don't necessarily use their OS.
But if people don't take advantage of it, or abuse it, or just make bad judgements, you can end up with something like the Red Hat 7.x series OSes, which were nearly as bad as Windows. You even had a virus for those things, and even a worm or two that would go and attack unpatched Red Hat 7 systems, just like Windows. (However, Red Hat has cleaned up their act since then and has gone a good way forward with the Fedora/Red Hat ES dual-natured model.)
In fact, there is plenty of very security-flawed OSS stuff. Like Bind, or Wu-FTP, for instance.
So it's on a case-by-case basis. You have to be educated and circumspect about what you depend on. Which leads to the second advantage of the OSS development model. As an end user you have a chance to participate or at least check out the stuff you're working with. You can subscribe to user and developer mailing lists and check out what they are doing.
If you don't like what you see, then don't use the software. You don't have to take their word for it, but with closed source software it's much more of a guessing game. Contributors and developers will have NDA agreements. 3rd party people that do get access to the code won't be able to tell you anything about it. You will not be able to see the results of their testing, or benefit from browsing through the bug reports.
I mean, how many times have you heard people talking about how they won't use ReiserFS because of how Reiser goes about development and breaking unnecessary stuff? How many people benefit from reading Red Hat's forums on stuff or subscribing to OpenBSD mailing lists?
That sort of thing. FOSS is definitely no silver bullet; it's a developmental model, a tool like everything else.
One major thing that closed source software generally has going for it, which FOSS is just beginning to catch onto, is all the testing that they do. Of course not all closed source vendors do it; from a marketing perspective it's just as effective to simply tell everyone you do it, and not really do it, or do it badly. I do take it for granted that they do do this testing stuff though.
Personally I feel that extensive professional testing and auditing is more important than the fact that software is open source or closed source. It's something that until recently the OSS crowd ignored in favor of depending on the simplistic "many eyes" approach.
This "science of quality assurance" testing is very important to making secure and stable software.
There is a very good lecture titled "Writing Better Software" from a famous Red Hat software engineer, Alan Cox.
Here is an article summarizing the lecture.
Here are links to video recordings of the actual lecture.