The question is more a case of "how many people are running something they don't know?".
I wasn't vulnerable per se as my Debian machines had /bin/sh -> dash but bash was vulnerable on them and they all face the net. My NAS has a vulnerable bash which is a bit of a pain to upgrade. But that's behind the firewall so it's safe.
Or is it? The NAS is set to not check for upgrades yet the other day the led was flashing saying an upgrade was available. I can't trust it any more.
Same for the router. There's no info on whether it's Linux + busybox or what. I have rapidly come to the conclusion that if I don't know what software sits between my network and the world then I am effectively powerless. I'm in the market for a new router with 802.11ac and I'm only going to consider something that can be OpenWRT'd from the start.
So from now on, if I haven't got the source to what is facing the net, it doesn't get used. And yes, that does make me nervous using my smartphone and tablet.