For a simple yet powerful reason why closed source is so problematic in a global connected world see eEye’s Zero-Day Tracker. Even taking into account that Microsoft has a long list of products watch out to how many times their name is listed and how long it has taken them to find a fix (in some cases they haven’t even, yet!). Consider on contrary that open source developers are not subject to time zones, i.e. beeing a global community there is no such thing as closing time for open source developers.
727 day — that is more than two years — and counting is the record. Even though the security level is low, I reckon this tells stories… I do not know, though, how complete is the list nor is anything said whether issues on Linux/BSD are recorted.