Open source - crap code
It is an unfortunate truth, but a lot (I'll not say "most" even though I think it is justified) of open source code is, quite frankly, crap. Oh yes, it works. And a lot of it works very well. But if you actually look at the code (and relatively very few people ever do), you will find 99% of the time that it is very badly written, often full of random "goto", "break", and "return" statements, virtually totally uncommented, and generally a very sloppy mess apparently written by someone without the first clue about software design. This all leads to code that, although in theory "anyone can look at and change if they want", in reality "it'll make your head spin trying to understand what the f*** is going on and you will eventually give up".
I don't know why code quality is such a non-existent priority for many people, and I've definitely seen my fair share of it in the commercial world too, but it seems to be, and this contributes in a big way to why even really obvious bugs go unnoticed for years. The other reason is that nobody actually bothers to look.
Of course, there are exceptions; there is open source code out there that is well written and understandable. But it is VERY few and far between.
I will, of course, get modded down for this, but I question the justification for that; I firmly believe and stand by this assessment.