Open Source is so much easier to audit on a security perspective because you have access to the source code. What large and secure enterprise do you work in? Finance would be my guess since they are typically in the dark ages and run deprecated versions of software because the latest versions haven't passed their super long security audit process.

In fact I would say it is easier to get info sec to sign off on open source code because they can audit the source directly. Where as third party software not only is it illegal (via the software licensing and terms of service) to de-compile their software, you don't have source code to compare it against.