The security at my company has been enhanced by open source software for many reasons, but I will list the two I consider the most important:

1. Security problems are disseminated quickly in public.
2. I can choose to run another application to replace the insecure application, if needed.

In the case of closed source software providers, security problems are _not_ disseminated quickly. Closed source software providers would rather keep the problem from public knowledge until the problem is fixed.

Concerning open source application choices: I assume it is cheaper to migrate from one open source application to another (let's say, sendmail to Postfix) if a patch cannot be made available quickly for an application security bug (which is usually not the case), than to migrate between similar closed source applications (say MS SQL Server to Oracle). In the case of some closed source applications (MS Internet Explorer) you can't uninstall it at all, as it is considered part of the operating system.

Since open source software is developed by a public community, it only made sense to build the applications upon open standards and protocols, therefore migration between similar open source applications is cheaper.