I'm not going to research into this, at all, but that only works for the UoM example. Also, we're talking about kernel-level security issues, not some two-bit malware code embedded or injected into an application. Yes, it's easy if you are sending patches from a respected (well no longer lulz) university email under the tutelage of a formerly respected professor(s).
Open source software is neither more nor less secure; however, when issues are found they can be tracked and fixed in the _open_, with full visibility by anyone.