Would those execs rather . . .
a) publicly berate and fire the internal developer who created the problem
or
b) have to point out that the opaque series of tests internally just wasn't up to snuff and promise to improve them?
When the bug's in OSS and the company is held responsible, there is no option a.
Unless the OSS projects themselves are staffed up and able to provide legal responsibility, why use them?