
Security by obscurity is not real security anyway. So I don't think open sourcing would hurt it. If anything, it can even improve security, since more researchers would be able to review it.



I think that depends on just how many security flaws are in the codebase. If the codebase is so full of bugs that Adobe wouldn't be able to keep up with the flood of exploits when it's open sourced, they're better off keeping it closed for now.

Basically, open source makes it easier to find security bugs, but that's no help if you already have your hands full with the ones you can find yourself. I don't know if Flash is in that state, but it kind of sounds like it.


These are Adobe's concerns, not mine. I don't work for Adobe, but I'm familiar with Flash and have talked to Adobe engineers before.

And it's not an easy call to make: keep in mind how many computers have Flash installed. If open sourcing the project would double the rate that vulnerabilities get found and exploited, that's a real problem for Adobe.

Trusted partners already have the Flash code and report security issues.


Patent trolls are also a big disincentive to open-sourcing one's commercial products.


Is that something with any real evidence behind it or just Microsoft FUD? I have a hard time believing that patent trolls would even be interested in hiring engineers to read source code. Their business model is to send you a threatening letter with a settlement demand which is noticeably less than the cost of vindicating yourself in a courtroom. What do they care about what the code actually does, so long as they can maintain the charade sufficiently to make the threat credible?



