
In the interest of honesty - first of all, "it gets patched within hours and it may take a day or two for it to be distributed to everyone" is not true. No matter how fast a vulnerability is patched, the distribution process usually takes days to weeks (cf. the Heartbleed bug: Canonical was apparently the first to find and fix it, and yet I've waited weeks to get the fix on my Ubuntu machine) for those who care and monitor those issues constantly, and months to years for everyone else.

Now there is an argument that there is a trivial way to find vulnerabilities in Open Source code - just diff the commits to look for fixed bugs, and attack those who didn't manage to update their software yet. That's part of the reason why e.g. WordPress blogs and phpBB forums get spammed so heavily.

Whether or not the benefits of Open Source are greater than those problems is another topic, but let's not pretend open-sourcing doesn't lower the entry bar for attackers.



