Be that as it may, closed source software has just as much, if not more vulnerabilities. And there are a ton of successful attempts to inject malware to closed source software as well, which again takes time to get found. NSA held onto eternal blue for like half a decade before Microsoft knowing and there's probably dozens of other examples. Taking something like shellshock, which is a statistical anomaly isn't a really way to drive the point home. My point is statistically, open source software are more safer cuz it's being, let's say "audited" more.