The code is openly sourced, developed, and tested. It, like privately sourced, developed and tested code contains bugs. Since you are casting the stones, am i to assume code you have been around is free of these eventualities?

What I'm saying is that we should be looking at (open) alternatives to OpenSSL, like GnuTLS for example.

It's not about open vs closed or "all code has bugs", it's about the OpenSSL project needing to rethink their security strategy and general guidance.

GnuTLS does not use an acceptable license. Apache/BSD/MIT please. It's the only way you'll find it replacing OpenSSL everywhere.

All software has bugs. That's an unavoidable reality. You need to learn to deal with that fact.