Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: kevkrom; for-q-clinton
Yawn. We've been over this before, but let me point out again, the number of "vulnerabilities" is a meaningless metric. It is the severity of each vulnerability and the difference between whether it is a potential or actual vulnerability that matters.

Exactly. The report from Secunia points this out explicitly with the following comment:

The above graph is not an indication of the individual vendors’ security, as it is not possible to compare the vendors based on number of vulnerabilities alone. To assess the “performance” of vendors in terms of vulnerabilities one should rather look at the changes in the type of vulnerabilities, code quality, handling of vulnerability reports, ability to update users, quality of patches, ability to communicate to end users, number of products, complexity of product portfolio, and other factors which cannot be read out of mere aggregate numbers.
Simply quoting raw numbers measuring one narrow graph is meaningless. It is necessary to take all the rest of those factors into consideration.
69 posted on 07/22/2010 10:26:23 AM PDT by stripes1776


To: stripes1776
Simply quoting raw numbers measuring one narrow graph is meaningless. It is necessary to take all the rest of those factors into consideration.

I agree. That's why I've been using the pwn2own competition where OSX was the first one hacked for the past 3 years. And last year they got read/write access to OSX while Windows only gave up read access.

75 posted on 07/22/2010 10:56:08 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
