Open Source software is often assumed to be less secure than proprietary software because the source code is open to scrutiny from anybody who wants to to look at it. The truth of the matter is that looking at the code (which can often be many 100,000's lines) is a very inefficient way of finding insecurities indeed a lot of people have found many insecurities in Internet Explorer and Windows without seeing a line of code (Microsoft's software is proprietary so no code is available)

Statistically the facts do not support that open source software is inherently more vulnerable. For instance, a report by code analysis company Coverity found only 985 bugs in the 5.7 million lines of code in the Linux kernel. By comparison, a study conducted by Carnegie Mellon University's CyLab indicated that a typical commercial, closed source program has between twenty and thirty bugs per thousand lines of code. This bug rate would result in more than 114,000 bugs in 5.7 million lines of code, over 114 times as many as found in the Linux kernel.

As stated by the OSI above open source software is created using peer review with many eyes looking for insecurities far reducing any possible Trojan horse or root-kit as made famous by Sony where software which was covertly installed on Windows machines from Sony Music CD's interfered with the normal running of the Windows system and created a security hole leaving unsuspecting users vulnerable to attack.

All software has bugs (errors in the codes which makes the software behave in an unexpected or unplanned way)  but often within proprietary software companies bug fixing is not given a high priority unless it creates a significant commercial issue. Often the people experiencing a bug are a minority of the users and often the users are so locked in to using the software that they have to wait until the software company decides to fix the problem- nobody else can see the bug in the code so nobody else can fix it. In the open source world there is often large communities around popular projects and many people who may not have the time to develop software full time can devote some time to finding and indeed fixing bugs. In the open source world bug finding and fixing is near enough a sport enjoyed by many.