Where does Bugzilla quantify who exactly is looking, how frequently they are looking, and what they found, both good and bad? It looks to me like nothing more than a huge bulletin board with random posts of bugs; take a look at the Bugzilla Apache site.
http://issues.apache.org/bugzilla/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=&content=
The naked eye indicates 90+% of the inputs for Apache are by Apache personnel. How is this supposedly proving that there are many good eyes outside of the original development group? Isn't that a tremendously small group of people considering how widely that software is used?
Shouldn't there be lots and lots of other "good eyes" reviewing that code for vulnerabilities? But right now it looks pretty convincingly like good eyes = ~original dev team, and nothing more.