Heartbleed was caused by a FreeBSD bug,
No. Heartbleed is a security bug in the OpenSSL cryptography library. OpenSSL, in turn, is an open-source implementation of the SSL and TLS protocols vailable for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the various open source BSD operating systems), OpenVMS and Microsoft Windows. See? Not OS specific.
Shellshock was caused by a GNU bash bug.
Correct but, again, not OS specific.
Both projects are independent of the Linux Kernel Project. That's the project managed by Linus.
So blaming Linus management for the lost confidence on open source security is, at least, unbased.
True, but the article didn't mention either and, let's face it, a kernel with no applications to run wouldn't be much fun -- or useful.