George Toft wrote:
>
> So here I was, surfing Security Focus, and I noticed they track every
> vulnerability for Windows, Solaris, and Linux. I put this page
> together:
> http://georgetoft.com/security/survey/index.shtml
> to count the vulnerabilities. Why spend 5 minutes counting when I can
> write a script in an hour to do the same thing? Because it is as
> current as Security Focus.
>
> Interesting numbers - they directly contradict Microsoft's statements
> about their security. No Linux bias here, nosiree! That's why I
> chose a vendor-neutral site for my data.

hmmm... are there any statisticians out there who could suggest a
decent set of metrics that normalizes the number of vulnerabilities
over time? something like

OS                       Raw_Count  Years_in_service  vulnerability_index (v/year)
Microsoft Windows 2000:  172        1.5               114.67
Solaris                  162        7.0               23.14
...

It would also be nice if you could plot the frequency of
vulnerabilities over time and compare a single graph...

EBo
--