The total number of remote roots on Solaris, Windows NT, Irix, and the like is magnitudes higher than is actually disclosed. Whereas generally on Open Source platforms, you know and understand everything there is to know about each vulnerability. This is why on Open Source platforms (or platforms for which the source code is so readily available as to make it open source in all but name) people are now hunting down obscure integer overflows, and on closed source platforms fuzzers are happily picking out stack overflows in initial handshake messages.