Anyone who has ever debated the whole "Microsoft vs. Linux security" thing needs to read this series of blogs from Jeff Jones. In this series he looks at Secunia's statistics regarding vulnerabilities which are publicly known for which there is no patch and does a good hard reality check. It's a great read and it will go surprisingly fast even though it's a 3 part series . . . although it begs the question - if Jeff Jones can find the time to do this - why can't Secunia????
Exposed? : Examining Secunia Unpatched Warnings - Part 1 <http://blogs.technet.com/security/archive/2007/01/10/exposed-examining-secunia-unpatched-warnings-part-1.aspx>
Exposed? : Examining Secunia Unpatched Warnings - Part 2 <http://blogs.technet.com/security/archive/2007/01/17/exposed-examining-secunia-unpatched-warnings-part-2.aspx>
Exposed? : Examining Secunia Unpatched Warnings - Part 3 <http://blogs.technet.com/security/archive/2007/01/19/exposed-examining-secunia-unpatched-warnings-part-3.aspx>