Using Open Zeppelin does not guarantee the lack of contract issues, but since it is independently audited, it is more secure than unaudited contracts built on top of the Zeppelin library.
For example, Parity - covered in the article - uses Open Zeppelin and had wallet insecurities twice this year. But Zeppelin itself was not affected in those scenarios.
I sort of think of Zeppelin as a “safemath” library, similar to those in C. But even though safemath libraries exist in C, that does not mean C is safe from security issues.
I think you must also consider why an Ethereum auditing service would be viable in the first place in light of two concerns:
1. Flaws in wallets often provide higher bounties, so the people who discover vulnerabilities are more likely to exploit them than to announce them. Basically misaligned incentives.
2. An auditing company would be taking on a substantial amount of risk considering how underdeveloped Solidity is and the magnitude of wealth potentially stored in a contract. I would only imagine auditing being viable for people who want to build brand recognition rather than build a company.