Computerworld has a great article talking about different vendors and their approach to patching.
I think this brings to light an interesting challenge for IT Managers: how and when to patch systems? Here at Microsoft we provide guidance about the severity of a vulnerability to help you determine how critical this is to your organization. As is mentioned in the article,
Microsoft has also shown a growing willingness to work with security researchers who discover flaws, according to users and analysts.
Because of such efforts, Gartner no longer believes that there is any difference as far as security is concerned between Windows Server 2003 and rival operating systems such as Solaris, HP-UX and AIX, Pescatore said.
It is certainly great to see that Gartner now recognizes that Windows Server 2003 is at least as secure as its rivals. The article also mentions the fact that Microsoft has disclosed fewer vulnerabilities in the last three months than both Oracle and Cisco.
In fact, based on information provided by each of the vendors, Microsoft disclosed a total of 12 vulnerabilities over the past three months, compared with 167 for Oracle, 18 for Cisco and eight for Sun Microsystems Inc.
I think this article recognizes all the hard work that we have done at Microsoft around delivering secure applications. As an IT Manager, this should translate into less patching that needs to be done on your Microsoft machines.