Who's more secure than whom?
Forrester concludes that Microsoft is, on average, faster than Linux vendors at fixing known vulnerabilities, but that Windows has more of them than Linux. I could quibble with a lot of these numbers, but I think it's more important to recognize that they are all in the ballpark with each other.
A Linux advocate could have a lot of arguments with Forrester's positions. For instance, Forrester tracked the distribution of patches by Linux distributors, specifically Red Hat, Suse, MandrakeSoft and Debian. When a patch comes out for a Linux bug, it will often come out first in another venue, such as kernel.org or apache.org. At this point, the distributors have to do some testing before they issue their own advisories and code. It's often possible for Linux users to patch their systems faster than the Forrester research assumes.
By Larry Seltzer at eWeek.
[ Read more ]