Thanks for your reply, although I am not the age of a boy as the greeting in your post seems to indicate. I have been deeply involved in computer systems for over 20 years, and graduated as an EE at the top of my class, even serving as chairman of our IEEE branch my senior year. I now provide overall configuration management of a large-scale network consisting of thousands of systems, which were originally various flavors of UNIX and VMS, which slowly migrated towards PCs through the use of Pathworks and NetWare, and eventually reaching our current end state of UNIX and Windows. My home experiences include multiple Tandy and Apple computers, as well as IBM-type PCs. I have been very polite in my responses to you and respectfully request the same.
In your response, you didn't seem to address the question I originally posed about how your model in any way assures there are more "good" people than "bad" people looking over your totally exposed code. This relationship is extremely important, especially as the code size begins to grow in size and evolve in complexity, and if you ever exceed a critical mass point of more holes being found than your volunteer force can support, you theoretically will never be able to catch up.
Concerning the possibility of unorganized coders from around the world being able to successfully outproduce the best that Microsoft has to offer, all I can offer is my opinion that it doesn't seem to be happening; the Linux operating system still seems rough around the user edges and has few applications to go with it. And as soon as Linux began to demonstrate some full robustness, now we hear claims that the high end capability was likely stolen from UNIX, and not developed by the OSS crowd at all.
Concerning the outsourcing of jobs to China etc, I sincerely doubt those positions are going to be developing core operating system components etc. Many of those positions are actually going to be manufacturing (shrink wrap), disk pressing, and even marketeers needed to start actually regaining some licensing costs from all the Chinese/Indians who are illegally copying their wares. There will certainly be some software engineering going on, but it will very likely be more 'testing' or other mundane roles, not cutting edge micro-kernel upgrade improvements.
Thanks again for your message, and I look forward to discussing any item of your choosing in the future. Goodnight to All.
Ratio: The "bad" people in your scenario are people who keep their findings private for their own exploitation, and that can just as easily happen in the closed source world as well -- we know closed source is frequently milked for its vulnerabilities, all you need is a debugger/disassembler and time. At least with open source, we're capable of stumbling across an undivulged vulnerability even if that is not what we set out to do. If code review is suspended in a closed source project (and there is no economic reason to continue funding it after the product is deemed bug free), it's not very likely an undivulged vulnerability will ever be discovered; not enough people go hunting for those kinds of things in compiled code. So in that sense, it's more likely that closed source programs will have a greater percentage of bad guys than a similarly sized open source program.
As for outproducing: there is a mighty difference between user interface programming and core functionality. Microsoft puts a large focus on the user interface side, often letting core functionality slip. Open source, with their many cooks approach, tends to have a more complete core functionality with many useful options, but the hacker mentality often lacks a thoroughly planned user interface. This results in what we've all found: Linux et al. aren't ready for the masses on the desktop, but it sure as hell kicks the pants off Microsoft when it comes to performing some specific task. More so, open source allows affordable software customization, done in-house or contracted; it's much more likely to happen than begging the closed source/shrinkwrap vendor to tweak its product. (Though you're likely to have much more success w/customizations the smaller the closed source company. I've had great success persuading small 2-3 man companies to implement my ideas. Whereas I doubt a human even read my mail sent to some of the larger ones.)
Oh, rough edges? Have you used Microsoft's command line? Rough around the edges is the best you could say for it. Give me a bash prompt and a good terminal program any day. I've gone as far as installing Cygwin (Unix for Windows), bash, sshd, and using SecureCRT to ssh into my Windows XP box, just to avoid that blasted Microsoft command line and its awkward DOS box.
Outsourcing: don't be surprised if in the coming years most software development scurries off to the far corners of the earth. There is no economical reason it will not.