An interesting coverage of the state of Open Source Software and the vulnerabilities it carries. I do recall a time where the common wisdom was that open source was more secure because you have thousands of eyes looking at the code as opposed to the closed environment of the corporate world that is focused on product releases and the bottom line only.
The irony seems to be that those two views have merged somewhat. The adoption or Open Source Software into the enterprise environment has diluted the religious zeal of the open source coder with a dash of the corporate world bottom line mentality.
I think in today’s world with complex supply chain for code and services used by software, that the simple maxim of all code has vulnerabilities is the only one that rings true. Regardless of source, open or closed, you need to address your application security, coding practices and supply chain.