Not Trolling. The argument for security of open source software, (and why you can never trust closed source) that gets oft repeated goes something along the lines of "You can trust OpenSourceX because the source is open man, everyone has access to it... how could a TLA hide a backdoor in something thats open. Bugs like <insert whatever MS flavour of the week bug> cannot happen with Open Source because anyone can look at the source and fix it" and "You can't trust microsoft, LOOK, theres a variable called _NSAKEY that contains a 1024bit key, that must be the backdoor that the NSA put in so they can use your webcam to view your cat remotely. Sure, they say that the _NSAKEY is to ensure they comply with crypto-export guidelines, but you don't know man YOU JUST DON'T KNOW" So, to answer your question... XP Remote exploit bugs can be there for 10 years, because only BillyG (and his 4 friends) are allowed to see the code. My question was simply around the validity of the Open Source argument presented above. Bugs happen, but for something so widely in use to be overlooked by so many people, I just can't see the "Its safe because its open" argument holding any weight whatsoever.