
I'm not posting this, in case there's any question, to encourage a philosophical debate on the subject: I'll leave that to other sites and blogs.

I'm asking, rather, because it's a question that we get with some frequency. Worst case, it would be useful to have a placeholder for metrics, studies and the like which attempt to answer the question - either way - with data rather than opinion. Best case, we'll have an answer we can all point to in future.


2 Answers


Difficult to answer because open source (in)security is public, closed source may or may not be. In that vein, this is fairly old - January 2007 - but quite an interesting comparison of Firefox and IE security processes:

http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html

The report states that unpatched vulnerabilities existed in IE for 284 days in 2006, but only 9 days for Firefox. There are a slew of reports from both sides about the relative efficacy of, for example, anti-phishing security in the two browsers, but this report is rather more relevant as it seems to be specifically about the open process.


I think the question is best re-framed "Is the software I want to use secure enough for the job it is being considered for and what is the vendor track record for fixing disclosed vulnerabilities?"

I frequently look at Secunia's advisories: http://secunia.com/advisories/

Even though they once reported Firefox as the most vulnerable browser, what they didn't really mention was that the time to patch was something like 8 days on average. So with source code available, folks are finding and reporting vulnerabilities.

Compare that to the current list of vulnerabilities discovered by Secunia Research themselves. There are plenty of advisories on there from proprietary vendors, and more than a few are unpatched. http://secunia.com/secunia_research/

So, it depends on the vendor or project at hand and if it is fit for the task or not. With the vast array of available solutions both proprietary and FOSS I think it is impossible to say which is actually more secure across the spectrum.

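Both answers above lean on patch-latency figures ("unpatched for 284 days in 2006 versus 9 days", "time to patch of about 8 days on average", "more than a few are unpatched") without spelling out how such numbers are derived from an advisory feed. The Python below is an added example, not code from the thread or from Secunia or the Washington Post report, that computes those three metrics over a constructed list of advisory records: days of exposure in a calendar window (overlapping advisories merged so a day counts once), mean time to patch over fixed advisories only, and the list of advisories still open on a given date. The products "BrowserA" and "BrowserB", the advisory IDs and all dates are invented for illustration.

```python
"""Days-of-risk and time-to-patch metrics over a list of advisory records.

Added example; the products, advisory IDs and dates below are constructed
for illustration and do not correspond to any real advisory database.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Advisory:
    product: str
    advisory_id: str
    disclosed: date           # date the issue became public
    patched: Optional[date]   # date a fix shipped; None if still unfixed


# Hypothetical data: two made-up products, five made-up advisories.
SAMPLE_ADVISORIES: List[Advisory] = [
    Advisory("BrowserA", "A-1", date(2006, 1, 10), date(2006, 3, 1)),
    Advisory("BrowserA", "A-2", date(2006, 2, 15), date(2006, 2, 25)),  # inside A-1's window
    Advisory("BrowserA", "A-3", date(2006, 6, 1), None),               # never fixed
    Advisory("BrowserB", "B-1", date(2006, 3, 5), date(2006, 3, 12)),
    Advisory("BrowserB", "B-2", date(2006, 9, 20), date(2006, 9, 29)),
]

WINDOW_START = date(2006, 1, 1)
WINDOW_END = date(2006, 12, 31)


def _exposure_interval(a: Advisory, window_start: date,
                       window_end: date) -> Optional[Tuple[date, date]]:
    """Inclusive range of days on which `a` is public but unfixed, clipped to the window.

    Convention: day d is exposed when disclosed <= d < patched, so the day the
    fix ships is not counted. An unfixed advisory stays exposed through window_end.
    """
    start = max(a.disclosed, window_start)
    last_exposed = window_end if a.patched is None else a.patched - timedelta(days=1)
    end = min(last_exposed, window_end)
    return (start, end) if start <= end else None


def days_of_exposure(advisories: List[Advisory], product: str,
                     window_start: date = WINDOW_START,
                     window_end: date = WINDOW_END) -> int:
    """Calendar days in the window with at least one unfixed public advisory.

    Overlapping advisories are merged first, so a day with several open issues
    is counted once; this is what a "days unpatched in year X" figure measures.
    """
    intervals: List[Tuple[date, date]] = []
    for a in advisories:
        if a.product == product:
            iv = _exposure_interval(a, window_start, window_end)
            if iv is not None:
                intervals.append(iv)
    intervals.sort()

    total = 0
    cur: Optional[Tuple[date, date]] = None
    for start, end in intervals:
        if cur is None or start > cur[1] + timedelta(days=1):
            if cur is not None:
                total += (cur[1] - cur[0]).days + 1
            cur = (start, end)
        else:
            cur = (cur[0], max(cur[1], end))  # overlapping or adjacent: extend
    if cur is not None:
        total += (cur[1] - cur[0]).days + 1
    return total


def mean_time_to_patch(advisories: List[Advisory], product: str) -> Optional[float]:
    """Average days from disclosure to fix, over advisories that were fixed.

    Unfixed advisories are excluded, which is why this number can look good
    even for a vendor that has issues it never patched at all.
    """
    durations = [(a.patched - a.disclosed).days
                 for a in advisories
                 if a.product == product and a.patched is not None]
    return sum(durations) / len(durations) if durations else None


def open_advisories(advisories: List[Advisory], product: str,
                    as_of: date = WINDOW_END) -> List[str]:
    """IDs of advisories disclosed by `as_of` and not yet fixed on that date."""
    return [a.advisory_id for a in advisories
            if a.product == product and a.disclosed <= as_of
            and (a.patched is None or a.patched > as_of)]


def summarize(advisories: List[Advisory], product: str) -> Dict[str, object]:
    """All three metrics for one product over the default window."""
    return {
        "days_of_exposure": days_of_exposure(advisories, product),
        "mean_time_to_patch_days": mean_time_to_patch(advisories, product),
        "open_advisories": open_advisories(advisories, product),
    }


if __name__ == "__main__":
    for name in ("BrowserA", "BrowserB"):
        print(name, summarize(SAMPLE_ADVISORIES, name))
```

On the sample data, BrowserA shows 264 exposed days (not 274: A-2 falls entirely inside A-1's window, so merging matters), a mean time to patch of 30 days, and one advisory still open; BrowserB shows 16 exposed days, a mean of 8 days and nothing open. The two metrics can disagree because mean time to patch ignores advisories that were never fixed, while days of exposure is dominated by them. Both also depend entirely on which advisories are public, which is the caveat the first answer raises: for a closed-source vendor the input list only contains what outside researchers have disclosed.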
