Bruce Schneier repeats a point that should be well-known about security and Open Source, but which some still have trouble grasping: This is one of the areas where open-source software has a security edge. If everyone has access to the source code -- and security doesn't depend on its secrecy -- then there's no advantage in getting a copy. As long as companies rely on obscurity for their security, these sorts of attacks are possible and profitable. <https://www.schneier.com/blog/archives/2017/10/hp_shared_arcsi.html>