Mythbusting: SQL Server isn’t secure

This is a myth that Microsoft have been fighting against for years. Some bad history has left us with a reputation that we’ve been struggling to overcome ever since. To get over this history, Microsoft have come up with procedures around security, fault-discovery and patching that are incredibly tight, with many companies aspiring to copy our techniques.

Microsoft are leading the way in terms of the time computers are vulnerable, measured as the time between a vulnerability being discovered and it being fixed.

In terms of numbers of flaws, Microsoft are ahead of the other players, particularly in terms of the number of high severity vulnerabilities. And it’s not just Microsoft saying this. When Forrester wrote about SQL Server 2008, they said: “Unlike Oracle and IBM, SQL Server continues to enjoy the lowest database security vulnerabilities in the industry.”

That was three years ago and we’ve continued this trend.

Myth: busted!