In response to
> "Attackers aren't going to politely wait for Microsoft to fix issues like this, and Microsoft won't fix issues like this unless they are pressed to. And this brings up the glaring flaw with closed source products. If a third party flagged an issue in an open source product, any user that is concerned enough could potentially fix it or patch their own systems themselves. With closed source, we have to wring our hands and wait for someone at Microsoft to care enough to fix it."
Argument (assumes the new OS shipped binaries that could be decompiled into a form that can be recompiled again trivially):
Let's say I am a consumer with routers running Linux. Even if I knew about developing in some manner, I wouldn't necessarily have the time or interest to start fixing bugs in gear running platforms that might require a complete recompilation, setting up a remote-build system, and whatever else.
Contrast this C/C++/open source model with a model where the operating system and everything else was written in, e.g., a variation of C# called M#, which was used to develop a real operating system.
In this managed language model, if my router, phone, etc. has a bug, I can download the affected binary from the router and get back source code that's readable enough that I could actually make larger changes to it and send it back to the router. Yes, you could do this with IDA Pro, but having actually tried it, I can tell you it's nowhere near as easy as with C#.
By "readable enough" I mean that with C# (and probably Java etc.) you can decompile a binary and get back good enough source that you can be recompiling it again in a few minutes. The only problem would be if the OS used signed executables and would not allow replacing the executables with ones that you self-signed. So while waiting for the official patch, you'd have to set the OS into a mode that accepts self-signed executables. This certificate for self-signing could be put into the hardware cert store through a firmware interface pre-boot. This way the entire system would stay secure despite using self-signed modded OS DLLs. (Edit: you'd also need a way to select whether you want an OS update to overwrite your mod or not.)