As Heinlein noted, TANSTAAFL, just like there's no such thing as free beer. Everything has a cost. Even free software.
Free software is free as in beer. If you claim it's not free because of the time to put in, then $100 lying on the pavement in front of you isn't free because you have to take the time t ogo and bend down and pick it up. Making such claims is basically changing the definition of the word "free" to mean something other than what it actually means.
Linux is Free as in Beer because you can get it for no cost.
And as for a free lunch, well, I think he was mistaken. I remember switching to Linux in the late 90s. For what I was doing, it was better in ever aspect than what I was switching from and free as in both speech and beer.
and the idea that "with enough eyes all bugs are shallow" is patently false.
It never meant there will be no bugs, it meant that once observed the bugs will be shallow and therefore fixed easily. Heartbleed is a perfect example of the many eyes thing: it was fixed within hours. Deep bugs are hard to fix, and shallow ones are easy to fix. The meaning of the quote was all about fixability, not nonexistence.
The solution would be to do a code freeze for 2-3 years while the developers of the various projects audit their code and the ways other projects interact with their code - not just for security problems, but to get rid of bloat and cruft. That's not going to happen, because it makes too much sense. Everyone wants the newest shiny.
If you want that, then OpenBSD is read and waiting for you :)