Firefox: Security Through Obscurity?

A recent ZDNet article, “Firefox: When is a flaw not a flaw?” presented an interesting point:

One reader even took issue with the claim that Firefox is inherently more secure than [Internet Explorer]. “Firefox may offer some ’security through obscurity,’ but once it gets to any sort of critical mass, then it will be targeted. Since the hackers have the source code, their lives will be that much easier, and when a patched version is released, it will be easy for them to see where the vulnerability is and target older versions.” said one London-based IT worker.

I disagree.

If Firefox ever reaches critical mass, its security will hold up. Firefox is product motivated by pride, not profit. Not that there is anything at all wrong with profit, but money is the lowest motivation. Being money motivated - like some huge corporations - forces you to play a numbers game. You have to get your product out there first, fast and furious and get all the money you can. Quality takes a back seat to speed of release. And so what if it isn’t perfect? We’ll fix it later - after we’ve made a ton of money and can afford the quality control.

Open Source developers aren’t after the fast buck. They’re in it for the pride of accomplishment and, perhaps, some recognition of their skills. Their products are inherently better for this reason: They put their best work out there. The products are released with fewer flaws in the first place and any patches tend to be issued quickly. Whether or not hackers begin targeting Firefox, certainly the hype surrounding its official release has the flaw finders looking at it.

And they’re not finding much, now, are they?