February 28th marked 90 days that Windows Vista had been available to business customers. December brought the first public disclosure of a vulnerability and February brought the first Security Bulletin affecting Windows Vista. Has it been a good or a bad 90 days for security vulnerabilities?
Blog Reference by Jeff Jones, the author of the paper:
And the only one fixed was not even a true core Windows Vista one! Not to bad of a story in my opinion.