A quote from John Timmer

Enterprises should think carefully before adopting open source solutions due to persistent security issues, according to a report by the security firm Fortify. The report arose from Fortify's efforts in the Java Open Review Project, in which it subjected open source Java projects to a full security audit. Fortify's concerns arise not so much from the bugs it identified as from the fact that it was difficult to identify anyone responsible for fixing them; many persisted for several iterations of the software.

via