It is no doubt true that an open source process is helping malware authors get more done quickly. This has always been the case. I remember covering "pirate bulletin boards" in the 1980s, and they were essentially an open source process. Pirates would post their latest exploits, and other pirates who reached the sites could use that code to do their own.
But here is what is interesting. The security software business, including McAfee, is mainly run on a proprietary base. You can't see the code of McAfee or Symantec or Trend Micro security software. You can't change it or adjust it to your needs, even if your copy is running on a Linux system. You are dependent on these companies for your updates, and you hope they can keep up.
The latest report is an admission that they cannot.
So, do we need to look now toward open source tools for our security? Is it time for someone, a foundation, say, to launch a project in this area, to distribute their code free, and to update it free as well? Something like, say, Firefox, only for security?
I am certain McAfee would protest that. But does their own research contradict them?