This might be a silly question but I couldn’t find this information through searching google.

I’m wondering if the Lemmy platform, for all instances, encrypts passwords automatically, or if admins are able to view user passwords.

It’s not so silly once you consider that even big corporations often store passwords in plaintext, which comes out during a hack.

Thanks for answering.

  • neanderthal@lemmy.world
    1 year ago

    “big corporations”

    Big corporations and commercial software are so much different from open source projects that apples and oranges is a massive understatement, more like apples and asteroids.

    Commercial projects have more constraints for a plethora of reasons. Open source, not so much. Some examples from a vendor perspective: large customers and their environments impose limits (e.g. your biggest customer uses old crappy thing X that limits developers), license restrictions (e.g. using GPL code risks having to release the code and rights to distribute the software you are trying to sell), over-promising marketing or sales that creates deadlines that limit quality control, incompetent co-workers, the ability of your support staff and SLA requirements, etc. In-house development has some of those issues, except they have to deal with crappy thing X that the vendor won’t or can’t update, and super important stuff using really old systems that are really hard to replace, like the software controlling a 10 million dollar, 20 year old centrifuge used to separate a chemical critical to an industrial process.

    Open source doesn’t have these constraints; users can just fork the code and keep using the old stuff if their COBOL-based financial transaction processing system needs it, and update it themselves.

    The millions of eyeballs on open source code are exaggerated. Most users of OSS, even those with the skills, don’t look at the code of a lot of things they use. There realistically isn’t time. BUT… password storage, authentication, and session code is almost guaranteed to get scrutiny.

    Lastly, commercial software can do bad things like plain text passwords because they want to cut corners for the bottom line.

    Open source software can still completely suck and make poor decisions as well because anyone can publish some OSS whether or not it is actually good.