Open Source Software Security

Two days ago I have to patch all the Apache servers I administer because of the vulnerability on chunked transfer. This morning I have to patch all the OpenSSL servers I manage because of the challenge-respnse bug. Secure open source software? Well, at least I know that it is not secure, and the patches and fixes comes even before the PR. At the same time, I have no idea about what my Windows 2000 box is doing in its spare CPU cycles...