Comment by johncalvinyoung

4 years ago

> On the other hand, intentional vulnerability submission is a unique threat vector that OSS has, and which proprietary software doesn't.

On this specific point, it only holds if you restrict the assertion to 'intentional submission of vulnerabilities by outsiders'. I don't work in fintech, but I've read allegations that insider-created vulnerabilities and backdoors are a very real risk.