Him : "how can i know if some company or organization offer me some 'SECURE' product is secure ?"
Me : "As long the system is closed from public, you can't !"

Am i Wrong? or the Open Source ideology is the best way ?

@norman70688 yep. Just go in thinking it's already broken

Complex open source systems can be broken in the same way with nobody noticing for a loooong time

@norman70688 even this rule is not sure

@Kimmax yea but once it's finally found, the community can find it and patch it. Or fork it of necessary. As opposed to a closed source company who assure that "we're on it. It's a high priority" or the ones who are transparent enough to mark as "wont-fix"