Are BOTs aided by Open-Source model?

Dave Marcus of

McAfee’s Avert Labs says that developers of malicious software including

Trojans and bots are benefiting from the open-source development model.  Apparently developers of the Agobot malware

family are using CVS (Concurrent

Versions System) to manage source file and collaborate—this greatly

increases the speed at which updates can be propagated and modifications


A full article covering the topic of this open-source trend

can be found in McAfee’s new magazine, Sage, released yesterday.  The title of the article, ‘Paying a price for

the open-source advantage’ does make it sound like an attack on the open-source

model—blaming it for increasing threats online; this apparently is not the

intention—however full disclosure was more of an issue “We're not taking aim at

the open-source movement; we're talking about the full-disclosure model and how

that effectively serves malware development,”.

Full disclosure is a topic on which many people

disagree.  On the one hand full

disclosure can aid malicious code writers to exploit vulnerabilities more

quickly, on the other it aids a fast response from software vendors to close

these holes.

What’s your opinion on full disclosure?  Is it good or bad (no sitting on the fence)?