http://www.computerweekly.com/...rID=1&sSearch=&nPage=1
"
For example, Windows security holes generally receive a lot of press because of the software's popularity, but the statistics show that Windows is not the subject of significantly more advisories than other operating systems. Windows XP Professional saw 46 advisories in 2003-2004, with 48% of vulnerabilities allowing remote attacks and 46% enabling system access, Secunia said.
SuSE Linux Enterprise Server (SLES) 8 had 48 advisories in the same period, with 58% of the holes exploitable remotely and 37% enabling system access. Red Hat's Advanced Server 3 had 50 advisories in the same period - despite the fact that counting only began in November of last year. Sixty-six percent of the vulnerabilities were remotely exploitable, with 25% granting system access.
Mac OS X does not stand out as particularly more secure than the competition, according to Secunia.
Of the 36 advisories issued in 2003-2004, 61% could be exploited across the internet and 32% enabled attackers to take over the system.
The proportion of critical bugs was also comparable with other software - 33% of the OS X vulnerabilities were "highly" or "extremely" critical by Secunia's reckoning, compared with 30% for XP Professional and 27% for SLES 8 and just 12% for Advanced Server 3. OS X had the highest proportion of "extremely critical" bugs at 19%.
Sun Microsystems' Solaris 9 saw its share of problems, with 60 advisories in 2003-2004, 20% of which were "highly" or "extremely" critical.
Comparing product security is difficult, and has become a contentious issue recently with vendors using security as a selling point.
A recent Forrester Research study compared Windows and Linux supplier response times on security flaws and was heavily criticised for its conclusion that Linux suppliers took longer to release patches. Linux suppliers attach more weight to more critical flaws, leaving unimportant bugs for later patching, something the study failed to factor in, according to Linux companies."