I hope you bring that up as an example in favor on open-source, as an example that open-source works. In a closed-source situation it would either not be detected or reach the light of day.
In a closed source situation people using a pseudonym don't just randomly approach a company and say "hey can I help out with that?"
It was caught by sheer luck and chance, at the last minute - the project explicitly didn't have a bunch of eyeballs looking at it and providing a crowd-sourced verification of what it does.
I am all for open source - everything I produce through my company to make client work easier is open, and I've contributed to dozens of third party packages.
But let's not pretend that it's a magical wand which fixes all issues related to software development - open source means anyone could audit the code. Not that anyone necessarily does.
