This URL came across one of my RSS feeds today so I had a quick look: http://www.us-cert.gov/cas/bulletins/SB07-309.html
So I did a CTRL-F in IE and typed in "Microsoft" and was pleasantly surprised to find no hits . . . so I scrolled down to see what was on the list and I saw some competing AV vendor stuff, and some competing music player stuff, and some code exec bugs in a competing email / PIM application that allow HTML email to run code (yikes!!!), a bunch of PHP application vulns, etc. etc.
Then the butterflies in my mind took me to the realization that Windows Vista RTM'd a year ago this month (like a year ago tomorrow actually) . . . that's when the bits were officially blessed as 'done' (not generally available to everyone).
So then I wondered what the Vista CVE count will look like at the end of November / December / January as it nears 1 year of 'general availability' in the wild so to speak . . . right now as it stands the Technet security site lists 16 bulletins for Vista - and some of those were only rated moderate at that. It certainly seems like Vista has been much better than XP from a month to month patch volume perspective. I'm sure someone will do some report comparing the two. 🙂