The article makes it clear that (as the author understands it, at least) someone who uses open source software in their commercial product is liable; the people who wrote the open source code [1] are not.
> If a user is harmed by software, the person they paid (targeted ads would count) must compensate them for the harm – unless the software provider can prove their software played no role in the ... harm. If open source resources are [used by] your code, you’re responsible for their performance too. *The open source resource licensed away their liability to you*.
(Emphasis mine)
[1] Assuming they used a license that limits liability, such as Apache.
> What if an open source project is used directly by consumers, and causes them harm? The public policy is clear: they must be compensated.
It's expressly not clear what the implications here are, according to the article.