Bugfixing by everyone
As you state with open source / free software everyone is allowed to fix bugs themselves. This surely is right, but far from reality. Only a minority of the users are developers and even of them only few care to fix a bug by theirselves. The majority simply waits for the distributor or original author to release a fixed version.
Changing all software from proprietary to free software will not abandon the security issue unless you change the attitude of the users. It helps, yes, since bugs are spotted faster and more people will do code reviews. But if the users don't care or even know about security that advantage does not mean much.