read
I haven't yet attempted to support my belief that open source code is the only secure code, it remains a postulate. External support comes not just from Bruce Schneier et alii but this week also from The Economist. Unfortunately the online version of the article is hidden behind a paywall, but if you happen to be a subscriber then check it out here.
It's only a sentence at the end of the article, and I'm not sure the writer has any particular authority on the subject, but hey, it's The Economist :-)