Huh? The quote is "given enough eyeballs, all bugs are shallow." That's a clear admission that open software, like all other software, contains bugs; that's why you want the many eyeballs. Any claim otherwise is a symptom of not understanding plain English. Eric's whole point was that the bugs in open software will be found and fixed faster than the bugs in other software, due to the population of interested people who will study it, looking for the bugs.
To coin a corollary, because "given enough eyeballs, all bugs are shallow" (Raymond), in practice "given enough eyeballs, each eyeball will all assume the others have inspected the code, and even shallow bugs can remain."
This bug wasn't some deep complex intricacy. It was an incredibly simple and straightforward blunder that went unnoticed for years. If it had broken requests that should succeed, those many eyeballs would have felt some pain and been prompted into finding the bug. But because instead it let you do something you shouldn't be able to (a security hole), people using the library normally did not feel the pain of things breaking. And so, it seems, they weren't motivated to review the code until much later.
The big problem, as consumers of libraries, is that reviews cost. If every update of an open source library means its users then need to review the code change (in case it's brought in a heart bleed like bug that the committers did not check for), then free software becomes more expensive than it used to be. As programmers, each of us uses a lot of free software in most of our projects. And I suspect on average we read less than 5% of the code that is brought in (dependencies can have transitive dependencies... have you reviewed the entire code of the web framework you use plus all its supporting libraries and all those libraries' supporting libraries...?) We are all deeply dependent on some of the other eyes having looked because we simply can't afford the time to look at it all ourselves.
It's not a distinction between open versus closed per se. But as open source has become ubiquitous, so too has a disclaimer of liability. Almost every library we (collectively) use is licensed "AS IS, WITHOUT WARRANTY OF ANY KIND, INCLUDING... FITNESS FOR PURPOSE". In other words, we live in an era where for pretty much every software product, either itself or at least one of its dependencies, carries an all-caps notice that it might be rubbish, unfit for purpose, burn your house down, set fire to your cat. This runs completely counter to an idea of building in safety -- instead, we just disclaim away liability for unsafety.
Here we could perhaps divert into alarmist analogies ... fire extinguishers labelled "WE DO NOT GUARANTEE THIS IS IN ANY WAY SUITABLE FOR PUTTING OUT FIRES" and potentially containing flammable foam? Building industries with no planning, certification or inspection requirements, and where the only requirement for the structural engineer of a skyscraper is that the untrained interviewer thought he answered that brainteaser about how many marbles you could fit in a space helmet very eloquently. But that would be being provocative for its own sake.
More realistically, we're in a world where a very large amount of software development assumes that it is non-critical and that breakage is minor ... even as it runs more and more of the economy. And pretty much everyone does it because we're all so economically optimised that it's the only way we can afford to get anything done.