I think you are missing the point here.
The issue isn't with the facts - there are more vunerabilities for open source software than for microsoft software - but in the shoddy framing of the question in the first place.
The report is comparing, as a simple count of error reports, the whole of microsoft software (that's conservatively 500 products, discounting different packaging arrangements but including such items as MS keyboards and mice) with the whole of open source software (that's several thousand projects, not including alphas and other software not considered fit for a production environment). As a percentage, MS products are far, far less reliable, but as a *simple count* there are less errors simply because there are less products.
If you compare any one MS product (IIS say) with its market competitors, you usually find that it has far more reports against it (even discounting multiple vunerabilities per report) than the competitor - and in IIS's case, you can't claim thats "because it is more popular" because it isn't - Apache has far less problems (although it has its own) than IIS, and a much larger market share.
The math in this report was specifically chosen to show a result out of keeping with the actual figures, without actually lieing. I won't say that is not a valid marketing tactic, but it is certainly not good research.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/127/17350#17350