David Rice's book Geekonomics: The Real Cost of Insecure Software calls the software industry to account for its careless attitude toward security.
As reported on Forbes.com: Rice blames the software industry for a litany of hidden costs, ranging from the infrastructure needed to fix hackable bugs in software to recent data breaches at the U.S. State Department and the Pentagon--even a Boeing 747 crash in 2005 that resulted from software glitches. All told, he places the total economic cost of security flaws in software at around $180 billion a year.
Companies like Oracle or Microsoft say their software is unbreakable or trustworthy. But those statements are vacuous and cheap to make, and there's no consequences for when they're wrong.
I didn't receive the book yet so I am not sure how much mention of open source it contains. But you certainly can't make the argument that the risk is hidden such as with proprietary products.