[tantek]The practical problem we're seeing now however is that BigCo code has gotten so bloated that *despite* their superior security expertise and review, they have much more likelihood of "lurking bugs" than small simple OSS code (which has also likely been security reviewed, since it's OSS)
