There is certainly the argument that implementations are not open source. Of course that makes sense as no one will open up the server configs, passwords, private keys, etc. But the actual software that is used within an implementation gets more secure if developed as open source software.
So here's the short list off the top of my head of security related open source projects that are pretty widely used:
- Advanced Encryption Standard (AES/Rijndael) - approved by NIST in 2001. First open cipher used by NSA to secure top secret information.
- OpenSSL - Since 1998
- OpenSSH - Most widely used SSH implementation with over 80% usage [source]
- SELinux - NSA developed linux security
- Gnu Privacy Guard (GPG) - implementation of OpenPGP for signing/encrypting using PKI
- Trusted Solaris - developed by Sun under OpenSolaris
- Plus lots more that I can't think of right now...
Of course others have written on this subject and pretty much conclude that not only does OSS improve a project's security, not being OSS is quite a large vulnerability.