Dark Reading has an interesting article on issues in Open Source software. It looks like Fortify did a bunch of testing of some Open Source software, and all was not happy in the land of free stuff.
Don't get me wrong, I like Open Source software, but it's not immune to security issues, and I hope no one thought it was. I know that in theory it's better since it's open for public scrutiny, but that's only if the community actually cares about security. I am personally a big fan of BSD (not sure why Linus is so touchy about that one: http://article.gmane.org/gmane.linux.kernel/706950 ), but other packages have not stood the security test of time.
It's a good read, check it out.