When the one is doing all it can to encourage everyone to take a look at the code and the other is doing all it can to prevent anyone from seeing the code, how can you possibly say it’s only tangentially related?
Sure, the vast majority of people don’t inspect their own code; the obvious reason for this is that the vast majority of people don’t have the skills to do this. It seems to me to be overwhelmingly obvious that the way you get as many eyes on your code as possible is to open access to it, and even though there is no way you will prevent all people from looking at your code, if you want at least some people with good intentions to also look at your code, don’t sue them!
It doesn’t prevent those things, no, it does make spotting them incredibly more likely. Open-source gives me the option to look at it, closed-source doesn’t.
Isn’t auditing just another word for having another set of eyes looking at the code? Are you now saying that one of the benefits of open-source software is that you can get more eyes to look at it?
Nowhere near all open-source users inspect their code, but that’s not what “many eyes” is about; what you want is to make it as easy as possible for motivated white hat hackers to look at, and comment on, your code. There will probably also be some white hat hackers that have a look at, and comment on, closed-source software, but the threat of lawsuits makes this number much lower.
Black hat hackers, criminals, hacking agencies of governments, all have no such problems; they look at both code sets with the same amount of enthusiasm. So you can imagine that even if the number of eyes that look at the code is raised only a little, you may already get a big improvement in the ratio of black hats vs white hats.