I don’t want to spend too much time on this topic… I just want to get this out there. As you may have heard, a vulnerability was discovered in GnuTLS, caused by sloppy coding: http://blog.existentialize.com/the-story-of-the-gnutls-bug.html
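To make the "sloppy coding" concrete, here is an added illustration of the bug class the linked write-up describes: a helper that is documented to return 1 (true) or 0 (false) but whose error path leaves the function with a negative error code in the same return value, while the caller only tests for non-zero. This is constructed example code, not GnuTLS's own source; the function names, the error constant and the `parse_ok`/`is_ca_flag` inputs are hypothetical stand-ins for the certificate parsing and CA checks.

```c
#include <stdio.h>

/* Constructed illustration of the GnuTLS-style bug class.
 * Not GnuTLS's code; all names and values here are hypothetical. */

#define ERR_BAD_CERT (-43)   /* hypothetical negative error code */

/* Buggy: documented to return 1 if the issuer is a CA and 0 if not,
 * but the error path jumps to cleanup with a negative error code in
 * `result`, so a failed parse comes back as a non-zero value. */
static int check_if_ca_buggy(int parse_ok, int is_ca_flag)
{
    int result = 0;
    if (!parse_ok) {
        result = ERR_BAD_CERT;
        goto cleanup;        /* error, but returned through the boolean */
    }
    result = is_ca_flag ? 1 : 0;
cleanup:
    return result;
}

/* Buggy caller: treats any non-zero return as "issuer is a CA", so the
 * negative error code above is accepted as success. Returns 1 if the
 * chain is accepted, 0 if rejected. */
static int verify_buggy(int parse_ok, int is_ca_flag)
{
    if (check_if_ca_buggy(parse_ok, is_ca_flag) != 0)
        return 1;            /* accepted */
    return 0;                /* rejected */
}

/* Fixed: every error path sets the boolean to 0 (fail closed) before
 * leaving, so the 0/1 contract holds on every path. */
static int check_if_ca_fixed(int parse_ok, int is_ca_flag)
{
    int result = 0;
    if (!parse_ok) {
        result = 0;          /* an unparsable issuer is not a trusted CA */
        goto cleanup;
    }
    result = is_ca_flag ? 1 : 0;
cleanup:
    return result;
}

/* Fixed caller: only an exact 1 counts as "is a CA". */
static int verify_fixed(int parse_ok, int is_ca_flag)
{
    return check_if_ca_fixed(parse_ok, is_ca_flag) == 1;
}

int main(void)
{
    /* Constructed case: the issuer certificate cannot even be parsed. */
    printf("buggy verify, unparsable issuer: accepted=%d\n", verify_buggy(0, 0));
    printf("fixed verify, unparsable issuer: accepted=%d\n", verify_fixed(0, 0));
    return 0;
}
```

The point of the pair is that the buggy version accepts a chain whose issuer could not be parsed at all, because the caller's `!= 0` test cannot distinguish "true" from "error". Mixing a boolean return convention with a negative-error-code convention in one function is the root defect; either return convention on its own would have been fine.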
I want to stress two points here:
1) This code has been in GnuTLS since 2005, so the bug went unnoticed for some 9 years.
2) The bug was discovered by Red Hat themselves, possibly because the recent TLS bug discovered in iOS and OS X (which had only been in there since 2012) inspired them to double-check their own code.
So what this means is: even though the code is open source, it took many years to find the bug, and when the bug was eventually found, it was found by Red Hat themselves, during an audit, rather than by an independent party. This once again dispels the myth that Open Source is more secure because bugs are found quickly thanks to the thousands of eyes watching the code (also known as Linus’ Law). Apparently serious security flaws can lie dormant in the code for many years.
For more background information, see Ars Technica.