bill - 2:34 am on Apr 21, 2008 (gmt 0)

I think this report has been criticized for including Linux applications in the past. It appears they tried to address that this time around.
And before Linux enthusiasts claim some sort of bias, Jones actually went to the trouble of discounting non-core components on the Linux systems tested. So vulnerabilities in open source products like OpenOffice.org, GIMP, and various development tools were not counted against those systems. "It is a common objection to any Windows and Linux comparison that counting the 'optional' applications against the Linux distribution is unfair, so I've completed an extra level of analysis to exclude component vulnerabilities that do not have comparable functionality shipping with a Windows OS," Jones noted.
And what do they mean exactly by "fixed" vulnerabilities anyway?
According to the report, he analyzes the vulnerability disclosures and security updates offered for each platform. It would be hard to say how many unpublished vulnerabilities there are for any platform.