Nicholas Petreley (The Register): Windows v Linux security: the real facts. "Reliance on a single metric is a major feature of Microsoft's Get the Facts campaign, and this is perhaps understandable if we consider what the campaign is. It is essentially a marketing-driven campaign intended to 'get the message across' with data used to back up the message (note that Microsoft would not necessarily disagree with us here). However, by their nature marketing campaigns push specific, favourable headline items and magnify their significance. They do not necessarily (even usually) accurately reflect the underlying data, and frequently outrun it by some distance. And this process is actually easily illustrated by the Forrester report we linked to earlier on. Get the Facts pulls out the 100 per cent fix and fewest vulnerabilities bullets, while the report itself talks of its use of three metrics and (if we're doing headline items) also says: 'ICAT classified 67% of Microsoft's vulnerabilities as high severity, placing Microsoft dead last among the platform maintainers in this [high severity] metric.'"