In general, the vast majority of open-source code is "less safe". Known vulnerabilities won't be fixed because there is no incentive to do so. The most actively maintained OS code are maintained by people on the payroll of private companies and not by the "many eyes". Open Source Security and Risk Analysis 2023 84% of codebases contained at least one vulnerability 48% of codebases contained high-risk vulnerabilities 89% were more than 4 years out of date 91% contained components that weren't the current version 91% had received no development activity in the last 2 years 88% contained components with no activity in the last 2 years and contained components that weren't the latest version. OPERATIONAL RISK IS PERVASIVE "A worrying number of codebases contained open source that had no development activity and no user updates in the last two years. When no feature upgrades, code improvements, or security remediation occurs for 24 months, it’s likely the project is no longer being maintained at all."

@@calvinsylveste8474 showing a bunch of stats about open source is meaningless if you don't have the corresponding stats for proprietary software (the question is about open source being LESS safe). There are billions of examples of private companies dragging their feet and not fixing known vulnerabilities mostly because they can just supress public knowledge of them. As for abandonware, sure it's full of bugs, but abandonware isn't a problem unique to open source.