VMware: The Disadvantage of Closed Source
It's not. Your license says you can't see it. The vendor won't show it to you. Good people are not supposed to look.
But bad people look all the time. Microsoft malware exists because bad people look, and find bits of the code they can exploit. It's a continuous game of cops and robbers, with security professionals trying to protect every window and bad guys knowing they only need to unlock one.
So news that code for VMware's ESX hypervisor was released, and that more of it is to come, because someone calling themselves "Hardcore Charlie" successfully broke into China's export-import center, made some analysts go "hmmmm."
VMware (VMW) may be the leading hypervisor because, unlike rivals KVM and Xen, it is closed source. Old-line enterprise managers like closed source code. They think it's safer. Indeed, because of this perceived safety, VMware's stock keeps rising to new highs, giving the company currency with which to make acquisitions, and results justify the optimism.
But that image of safety is false. It's true that, because KVM and Xen are open source, bad guys can see the code. But so can the good guys. A bad guy's exploit can quickly be addressed by a large community, not just by security specialists and the company that owns the code.
In other words, open source code is safer. By design. The bigger the code base, and the closer it lies to what the computer is doing, the safer open source gets, because more people are depending on it.
Don't believe me? Compare the number of successful exploits of Linux servers with those of Windows, over the last several years. Compare how quickly those holes were patched. It's true that open source users may be slow to patch their stuff, that potential exploits can live on remote servers for years, but even that doesn't result in a crime wave.