OpenSSL was an example of open source done badly; neither of our communities can claim to be universally perfect. The solution was to fork and replace OpenSSL with a superior project: LibreSSL. That part of the story is a success for open source. It shows us recovering quickly and permanently from the worst catastrophe imaginable.
Working fine on FreeBSD 10 for me, but it's not default yet as far as I know.
My thoughts on the matter are that this is all a pointless waste of time/effort, or, otherwise said, an arms race of exploits/bugs that will go on and on and produce nothing of value, except justifying a military budget in various govs.
If they truly were doing their jobs and being of benefit, we wouldn't have the corruption we do, the paedo rings, the drug cartels etc.
To be secure, you have to beat the smartest people on the planet, I would have thought, and unless you have a nation's resources, that's tricky. I'm not sure tightening laws is the answer either; it feels like human nature expressed in Internet terms.
There is no way to know for sure, because we have not embedded telemetry / spyware in open source operating systems.
One of the problems here is that large organizations are reluctant to update software across a large population of computers. If those updates were smaller, more transparent, and could be separated based on whether they are a security fix, a new feature, or a new tool that allows a 3rd party to monitor user activity, then the sysadmins would be empowered to close security issues quickly while introducing minimal risk.