The point here should be about responsibility. When I screw up something that I picked up from "out in the open", e.g. my server deployments, it more technically makes it my own fault. I am therefore more inclined to study an open circuit design because if it fails on me, I'm only left with myself to blame.
...and if I in fact identify any shortcomings, I can help others not to get hit by them, which makes the concept of openness "safer" in a way that is the sum of collective knowledge.
I just noticed my argument has analogies to Eric S. Raymond's argument about the cathedral and the bazaar.
I'd actually love to see a bazaar on the CPU side of things, be it just for the sake of what community efforts can achieve as opposed to the current mostly proprietary ecosystem.
Fortunately, as we saw from the OpenSSL debacle a while back, often deep corporate pockets (like Google) will step up and audit/patch these projects. Being open is obviously a prerequisite for that to happen.
> more about quality of auditing.
Exactly. Being open makes things easier to audit, and to an extent encourages better due diligence (as embarrassments due to silly mistakes or, worse, attempted cover-ups, are more public!), but it doesn't enforce this in any way nor does it guarantee quality or completeness.