If the EC is questioning the security of Open Source software, why has it never questioned the obvious lack of security in Microsoft software?

What ways are there to test security? Black box approach (probe blindly, looking for attack vectors) and reviewing how the thing, software, building, bank vault or whatever, is constructed; therefore it is *easier* to explore security issues of something that is open than of something that is closed.

If you find a security flaw, how to rectify it? Well, for a building or a bank vault it might be difficult to retro-fit fixes, so maybe the method of construction, the plans, is best hidden; but some things, like software, can be easily patched and updated, so the finding of flaws through review of code, the programming equivalent of the building plans, will tend to result in improved security.

Ergo, open is more secure than closed.

Then sustainability: open source cannot be taken away, a company cannot choose to stop supporting a product in a way that leaves the user without support; it is more sustainable, not less.

I don’t even get where the use of standards is a bad thing…