What would you say if I told you that, out of all commercial operating systems, Microsoft Windows has the lowest number of vulnerabilities and the fastest turnaround time for patches? When you stop laughing, check out this news article: “Study: Windows has fewest security holes.”

Here are some stats from the study:

  • Thirty-nine security holes were discovered in Windows during the second half of 2006, with an average patch development turnaround time of 21 days, up from the 22 Windows holes found in the first six months of the year.
  • Red Hat Linux had 208 vulnerabilities for the same period with an average patch time of 58 days, a huge increase on the 42 patched vulnerabilities for the first half of the year.
  • Apple’s Mac OS X had 43 vulnerabilities – more than double the number for the first half of 2006 – and an average patch time of 66 days.

Are you surprised by the results of Symantec’s study? What shouldn’t surprise you is that Windows also wins the prize for having the most critical flaws. “Almost one-third of the 39 Windows holes were high severity, and 20 were medium severity. Just two of the 208 Red Hat Linux security holes discovered were high severity, with 130 medium severity and 70 low severity. Only one of the Mac OS X holes was considered high severity, with 31 classed as medium and 11 as low severity.”

What are your thoughts about this classic “quality vs. quantity” debate? Would you rather have a few really big flaws or a bunch of flaws that aren’t very severe?