Open source software can absolutely be exploited. The idea that open source software is inherently more secure is simply not true. It’s based on the premise that if everyone can view the source code, someone will come along and fix all of the bugs. Who do you think has more motivation: bored hobbyists sleuthing through someone else’s program code to find obscure vulnerabilities and fix them out of the goodness of their heart, or blackhats sleuthing through someone else’s program code to find obscure vulnerabilities and exploit them for monetary gain?
Virtually all current web browsers are either open source or based on open source underpinnings. However, browser vulnerabilities pop up all of the time. In fact, exploits found by looking at the source code for Apple’s WebKit rendering engine were used to exploit the system software on Sony’s PlayStation 4 and 5 game consoles.
Really good open source software projects have paid developers with responsibility over specific parts of the code base. Having all eyes on a project is not good enough because those eyes don’t know what they’re looking for. Rather, it’s much more important to have the right eyes on the project.