Published source code can both help and hurt the security record of an application, but it benefits fast bug patching more than it exposes weaknesses such as security holes. Slow patching of an application can hurt a company's IT infrastructure if it uses open source applications, simply because the vulnerabilities give hackers around the world an advantage. In any case, security depends on how well system administrators perform their duties and responsibilities.
Not all open source applications are created equal in terms of security and maintenance cycle (you could call it quality in some circumstances), so applications that were poorly developed and planned will require more maintenance cycles and force system administrators to patch more often than those that were well developed. Indirectly, choosing a well-developed open source application will save companies even more money than they bargained for compared to commercial closed source applications. Ignoring patches will cause your IT department a very big loss, not only financially but also, in the long run, to your company's IT structure.
Some open source application developers, like Red Hat (developer of the Red Hat Linux distributions), give system administrators an easier way to patch applications: with their Up2Date service, a couple of clicks will patch your system without much hassle. Maybe someday most open source application developers will take that road to make advisories and patches easier to apply.
I would recommend that system administrators subscribe to advisories and the latest patch releases on the Bugtraq mailing list (you can subscribe by e-mailing majordomo@securityfocus.com with the text "subscribe bugtraq"). In addition, you should visit CERT, a service of Carnegie Mellon University. It can be found at http://www.cert.org.