
I don't think that the "many eyes make all bugs shallow" style of approach is one people should be relying on for their security. Ever since Shellshock (which was present in a very popular open source program for 25 years (1989 -> 2014)), there has been more effort applied to open source libs (e.g. the Internet Bug Bounty programme), but that's still a vanishingly small percentage of libraries that are being covered.

What I'd say is that, given an equal amount of security effort, an open source lib is more likely to have higher security; however, by far and away the most important factor here is the amount of security effort employed, and that is not generally correlated with the software being open source.
