As I understand it, the decisions that are being made by these committees are the ones that most impact on the big vendors.
For example, one of the big responsibilities of these committees is to decide which projects become part of Jakarta EE. Who does that impact the most? It impacts the vendors who are then required to include an implementation of that spec in their platform. They need to not only add it (which may include implementing from scratch), they also need to document it for their platform, and then support it. In some cases we're talking about millions of dollars per spec that's added per vendor, maybe more.
What individual committer here releases and supports an entire Jakarta EE distribution? None. How much does a projects inclusion in Jakarta EE impact an individual committer? I don't think it really impacts them at all, except perhaps if they are involved in that project, it may give them a certain level of kudos. So, why should such an individual get a large say over what the vendors have to include on their platform when it has very little impact on them?
Even the logo affects the big vendors more, the primary purpose of the logo is to be a trademark that vendors can use to say that they are compliant with the spec - they will be putting this logo on their website, in their marketing materials, etc. For individuals committers, the logo serves comparatively little purpose.
So I think it makes perfect sense that the vendors have much more control over these committees than individual contributors, they are the ones who are most impacted by the decisions made by these committees, and also they have the most investment in Jakarta EE itself - being a strategic member for example requires having at least 4 people working full time on Jakarta EE.
Open Source isn't just about individuals working together, in fact it's rarely about just individuals working together. It's about all sorts of parties, including companies and individuals, working together. Very many open source projects are maintained and controlled primarily by one, or sometimes a few big companies. It's a model that works well. The nice thing about EE4J is that it is fundamentally a place where big vendors of platforms come together to collaborate, but in contrast to the JCP, the process is completely open, and at the project level, control has been turned into a regular open source model, where any individual can get involved and have a major influence. At the high level, it's primarily big companies that have the control, but that's not a bad thing. If they make bad decisions, it's going result in the committers at the project level ignoring them and not producing specs that they can include in their platforms, which is bad for them. Conversely, if at the project level, individual committers make bad decisions and are not producing specs that the vendors can include in their platforms, then the projects aren't going to be included in Jakarta EE and will consequently suffer in their uptake, which the committers generally don't work. The nice thing is that this relationship is formally acknowledged by who has control where in the EF, if we changed it so that the high level committees were primarily controlled by individual contributors, then if the individual contributors started making bad decisions on those committees, the vendors would just stop producing Jakarta EE implementations, with no formal process for managing and communicating that tension. Jakarta EE would then cease to have any meaning.