Well, it isn't possible to write 100% bug free, correct, and secure software - unless of course we're talking about Hello World.
You're wrong. Software correctness is provable. It's only the lack of demand for correct software that ensures that this doesn't get done.
Humans by their very nature are not perfect and no matter whether you want to talk about propriety software, open source software, Windows, Linux, or whatever - there will always be mistakes.
I'm saddened that you ignore the facts - that bugs in open source software as a whole are less damaging than in Windows or typical proprietary software. The numbers of published bugs are comparable, but there are far fewer remote push exploits in open source, and the vast majority of published open source bugs are trivial problems that would only lead to an exploit under specific circumstances. How many special-case bugs are lurking in proprietary software that nobody but the black-hat who discovers it will ever know about? That's a question that only the vendor can answer, and they have an interest in ignoring and downplaying the issue until it escalates. Then, people will say "oh, get off their case, all software has bugs", thus they don't catch the flak they deserve for delivering poorly-tested software to their customers, and their strategy of ignoring the problem instead of tackling it just becomes reinforced.

Complacency is the wrong strategy.