Yeah I think you can't argue that malicious hackers won't find it and make it far worse if we removed the non-malicious hackers. It's obvious that hacking would be far worse without security researchers finding and disclosing bugs that can be fixed.
What Linus is describing seems to be more along the lines of 'public approval'. When a big new hack is found, the researcher who finds the hack is treated like a rock star and given a ton of praise, and the company/coder responsible for the security bug gets a lot of dirt thrown their way. "How can you be so stupid as to let customer's data be taken?!" - that kind of thing. As Linus says, these bugs are generally very complex things and people obviously make mistakes.
Might be better for the community in general to try and not treat security researchers/hackers with so much awe? Moot point at any rate, it's just human nature - not going to be able to change that. People will always jump on this kind of thing (strikers in soccer get far more awe than defenders, even though both are equally valuable to the team).
That's true, there's a lot of ego in this. Just watch any DEFCON talk for examples. OTOH nobody wants to be the idiot who wrote the insecure code, or doesn't want their company shamed.
This can help developers persuade their bosses to allow them to spend the necessary time to diligently check their work for security issues.
Part of this is probably also the Hollywood-perpetrated stereotype of the "hacker" as some evil/good mastermind who can destroy military infrastructure by typing a few commands on his terminal. This is seen as sexier than being some guy who writes code for a living.
"... the misdeeds of security industry and security researchers who become famous by uncovering the mistakes that people like Torvalds have missed." (from the article)
That's kind of what he's talking about though, isn't it? That idiot who let the vulnerable code go live to half the world in the case of a Linux vulnerability would be Linus. You'd have to argue pretty well to be able to convince anyone that Linus is an idiot though! Security (especially at a kernel level) is likely far too complex to be just a checklist of "don't do this" or "do this" and it magically becomes secure.