OpenSource security

I have to say that this year (and it is only the end of May) we have already had two major security blows in open-source software.
First the Heartbleed bug, and recently the end of TrueCrypt support, which is also surprising.
I think the root cause in both cases was that the communities around these projects are fairly small, so the number of people verifying what is going on comes down to 1: in the case of Heartbleed, the buggy code change was approved by one man.
The security hole existed for more than 2 years!
3/4 of the Internet relies on OpenSSL, yet only one pair of eyes checked this change, and even though the code is available for anyone to read, it took 2 years to discover this major hole. Not good, not good, open source folks.
Security-critical subsystems like OpenSSL should get special treatment, or at least there should be an incentive to bring more ethical hackers into these projects, so that this kind of gaffe does not happen again.
I remind you that this security hole led to global password resets.
I know that everyone puts off changing their passwords, but this is not a good reason to have to change all of your passwords. This event has done a great deal of harm to confidence in Internet technologies.
I know, I know: a month later a major security hole was found in Internet Explorer, in all of its versions, that renders the browser insecure. The instructions given by Microsoft to rectify the problem are also funny.