It's not safe to say that open source software is safer or less safe than proprietary software. You can't look at the source code of Microsoft Windows to know it doesn't have obvious back doors, but it's also unrealistic that you're going to audit 400 npm packages that your Javascript program uses every time they change.

It's hard to prove that hardware wasn't tampered with at the factory and in fact it is absolutely routine for hardware to come with "backdoors" such as boundary scan implementations, unexpected ways to read out firmware, etc.

It is however safe to say that there are a lot more eyes on those 400 npm packages than there are on the Windows source code. Moreover with the spread of bug bounty programs I would expect that the likelihood of security bugs in widely used open source software to be further reduced. It should be a lot easier for a bounty hunter to find bugs in open source packages that are used by some target companies than to find them without access to the source code.

There's far more to hardware than just designing the logic circuits (open source designs do exist such as Risc V) you also have to fabricate them and the processes for fabricating CPU's, GPU's and similar chips are probably the most advanced of any technology, requiring equipment that costs millions to billions of dollars.

It is, isn't it?

https://mntre.com/media/reform_md/2020-05-08-the-much-more-p...