The report that came out a while back saying basically how Vista has had hardly any security issues and Linux has had tons has been debunked by insecure.org. First of all, it's shocking that someone with interests in Microsoft would see fewer vulnerabilities and someone with interests outside of Microsoft would see more. Shocking. Next you'll tell me that statistics can be manipulated!
So read the debunking, and read the original report and commentary over at OSNews.
Just what has Kristian debunked here? Squat. Because MS uses " is the most secure Windows to date" as a byline? It's actually completely true. They never say they are absolutely secure. Absolute security is a myth. Doesn't exist. In Windows or Linux.
He complains it's "inflated", yet the MS research takes a default install and compares it. It's not Microsoft's fault the default Linux install provides the option to deploy so much crap to expose the attack surface so largely. If RedHat wishes to ship all that extra software, perhaps they should audit it. No one seems to disagree the vulnerabilities exist in the open source packages. Only that the software doesn't have to be deployed. Seems kinda dumb to me. If a vulnerability exists in something like emacs that ships by default, and the distro wishes to deploy it as a feature, then it should make attempts to protect the user when vulnerabilities are found.
And what's with this "silently fixed" vulnerability story line? You honestly think MS could get away with NOT reporting vulnerabilities reported to it through MSRC? Give me a break.
This us-vs-them attitude is futile. No one wins. Mud slinging aside, Kristian would better serve the security community by either SHOWING us these so-called hidden vulnerabilities so we can protect our clients, or use his energy more effectively by picking up a rocket launcher and playing some Quake. At least then when he shoots from the hip he might actually hit something. This is totally off the mark.