I personally think there's not a lot in it.

Being a web developer, I've seen a lot of web application source code - closed source as well as open source.

While it's true that the security of the application depends very much on the methodology and technology, I don't think whether it's open or closed makes a great deal of difference.

I've seen the same lame bugs come up again and again, in open and closed source alike, SQL injection for example.

There have been ample SQL injections in M$'s web application code (typically using ASP), and quite a lot also in open source stuff, like phpBB.

I think that some OSS projects though, like Linux, have extremely high standards.

Linux is one of the best ones; unfortunately nearly everything else (OSS and otherwise) is a long way behind. REALISTICALLY, in many OSS projects, there are only a few developers, and they rarely, if ever, review one another's code.

In most cases, it's possible to get into an OSS group merely by sounding enthusiastic and competent. It's commonplace to hand out CVS commit access to total strangers.

Of course, Linux is an extreme example; its hierarchical peer review system ensures that every piece of code is either written by, or approved by, someone who Linus trusts a lot, and in most cases has met.

Slarty