Majid - that is often (if not always) decided on a project by project basis. If someone were to find a security flaw in the Linux Kernel or OpenSSL (for example), these two projects would immediately work on a fix and announce it when it was ready. Other projects have a monthly/quarterly/annually release schedule which can include both functional changes, enhancements, and bug fixes. I would recommend you pick a few OSS project and follow them specifically to see how they handle their maintenance.
@ jerry : In a general context , can the advancements or bug fixing , as done more often by individual users are considered , as their work can be a powerful source.
How the inputs(regarding patches/modifications) from various individuals are considered and hence forth adopted. Even sometimes their documentation can be worth.
Here is one from a Finnish researcher, http://epublications.uef.fi/pub/urn_isbn_978-951-27-0107-0/urn_isbn_978-951-27-0107-0.pdf (Timo Koponen 2007) then OSS maintenance quality has been researched by https://www.ics.uci.edu/~wscacchi/Papers/WOSSE-2005/RajaBarry.pdf U. Raja, E. Barry 2005) and http://www.cs.huji.ac.il/labs/parallel/stud/Israeli-MSc.pdf (A. Israeli 2008)
@Majid - Linus has been referred to as a "benevolent dictator" What that means in practice is that he has delegated lots of authority to other people in regards to fixes and accepting patches from others, but (and it is a big but) he has final say on anything added to the kernel. Not only is it final say, but there are no appeals or other such ways of getting something past him.
The seminal piece written on how OSS works is Eric Raymond's "Cathedral and the Bazaar" (http://www.catb.org/~esr/writings/homesteading/) where he compares software companies (cathedrals) and OSS development (bazaars).
I am no expert on this topic, but I know much very original work has been done regarding maintenance of FLOSS (free / libre / open source software). Actually many large proprietary companies have been taking ideas from open source software maintenance for the maintenance of their own proprietary software.
The topic is probably far too large to be addressed in a simple forum answer. My suggestion would be for you to first look at "software forge"on the web. That should already give you some ideas.