What open source gives you is an audit trail, which is helpful but not sufficient. You still need to be able to trace malicious code to actual individuals. Then you need the ability to punish those individuals, ideally through criminal prosecution.