Open Source vs. clever thiefs.
Here's a story (which is mostly true):
A computer company moves its main office into a new building, actually, the office is located in one half of the third floor of the new building.
The company has lot's of valuable equipment so of course they install a burgalr alarm which is connected to a security company responding to incidents. The half floor used by the company is physically separated from the other half of the floor by a sturdy firewall having exactly one pair of emergency exit doors.
The firewall is a class 2 wall so it doesen't need to be protected even if the unused half floor is unoccupied for the moment, the emergency exit doors on the other hand is heavilly locked down at night.
Closed Source
The estate company has provided the computer campany with one set of blueprints for the floor they use a part of. All sequrity arrangements are provided with this blueprint as a point of reference. All other blueprints are the private proprietary property of the estate company (someone might copy the building).
Revealed Source
Clever thievs have gained access to some more blueprints of the floor showing a fantastic design feature...
Monday moring
...monday morning lots of equipment is missing. Initially, no point of entrance or exit can be found, the burglary is a mystery. Finally a hole is found in the firewall.
Apparently, there were two more emergency exit doors hidden in the firewall, hidden from view by recent 'facelifting' operations on the building. The computer campany never saw that one, but the thiefs had the source - hence all they had to do was to use a small knife to cut themselves through the thin wall hiding the emergency exit door an that was it.
Lessons learned
If the computer company had gained access to the source (blueprints), they could have acted on the true reality and intercepted the weakness, now they had a big problem on their hand instead.
Comments