From the Heartbleed Q&A:
How common are the vulnerable OpenSSL versions?
The vulnerable versions have been out there for over two years now and they have been rapidly adopted by modern operating systems.
Looks like open source is still looking for some developers who think giving code security audits on a Saturday night sounds like a good time. That’s the worst OK Cupid profile ever.