Maybe some user can be unaware of what is happening with OSS, but the community as a whole will always have accurate information of what is what (unlike this case where everyone is guessing).
For starters, the obvious implied suggestion is that these types of vulnerabilities don't exist in commonly used closed-source systems. That's been proven hilariously false time and again.
Secondly, commercial vendors have seen fit to adopt opensource where it suits them in order to take advantage of (and offload responsibility for) what these components do.
You're effectively saying "Open Source community doesn't have accurate information because look at X and Y" and ignoring that "X and Y" were also not discovered to have problems by any closed-source using dependent commercial entities.
> the obvious implied suggestion is that these types of vulnerabilities don't exist in commonly used closed-source systems
I never implied that, obviously or not.
> Secondly, commercial vendors have seen fit to adopt opensource where it suits them in order to take advantage of
Commercial vendors adopted opensource due to lower cost of ownership, not due to perceived lack of problems or because "community knows exactly what is what".
Maybe some user can be unaware of what is happening with OSS, but the community as a whole will always have accurate information of what is what (unlike this case where everyone is guessing).