Y'know... there is a moral to this tale: if businesses and individuals making money from software (libre) had properly funded it, putting some of the money that they saved from not purchasing proprietary software into the hands of those software teams, would we be talking about this now? In all probability, the answer is no.
And that's a flaw in the open source model. There is the assumption that people will review code and give back to the code... but it is just naive.
It assumes that companies actually care about utopian ideals and not just making money for shareholders.
Additionally, in the field of system administration, when issues like this occur it is always about appropriating blame. Some places would rather let hackers break their systems than risk upsetting customers with downtime to fix issues. If a hacker gets in, the hacker gets blamed... but if the user experiences downtime from a patch or critical upgrade which maybe breaks compatibility with the old... the company gets the blame for trying to protect its users!
That's just the ugly realities we deal with.