I'll confess I haven't read the paper, but I'm going to chip in with my views on the matter anyway.
I think open source and Linux are two very different matters since Linux started taking off as a server. Linux was pretty much responsible for opening up the whole closed vs open source argument, but now Linux has a great deal of commercial involvement that
sort of removes it from an open source argument.
The open source argument is based around transparency of the source code. However (people have mentioned this), this factor doesn't necessarily mean the bugs will be fixed. They may be spotted yes, and reported. That's assuming people spend their spare time
examining the source code. Perhaps security firms do this, I don't know.
One issue I have with open source projects is you don't know the quality of the people you're working with. Or whether these people will work the same amount of time on the project as you. People are a lot more motivated if they know they will lose their job
if they don't pull their weight. Or that they will get rewarded for their time.
Look at Mono - its ended up being given Novell's financial clout to give it some kind of roadmap and direction.
Now if I go and write an alternative to Exchange Server tommorow, and then open source it, what benefit do I get from open sourcing it? People want to contribute to the project, then sure join up. The fact remains it needs project managing, people assigning
to each task etc. etc. Having the source open to the public doesn't automatically make the product advance faster.