The article behind the link says that IE was excluded from the Bit9 study.
"The criteria for included applications was stringent. They must be Windows-based, and must have had at least one security vulnerability this year ranked as High in the NIST vulnerability database. They must not be updatable via an enterprise-based software patching system such as Windows SMS, and finally, eligible applications must rely on the end-user rather than a central administrator to patch the system's security vulnerabilities. On this basis, Internet Explorer was not included, the report added." (www.infosecurity-us.com)
Given the above, how IE would score for the home computer environment, since most home computers are not managed by central IT/