You're generally right about the vulnerabilities present in both open-source and closed-source software. However, there is still a  difference between the two. Closed-source code may contain both intentional and unintentional backdoors while open-source code is less likely to include intentional backdoors, simply because developers know that their presence is   likely to be discovered  by the community, ^{sooner or later}.