Comparing Security: Commercial S/W vs. Open Source
Here. Of course, David Chappel tends to appear at more MS-related events than not, so he's biased like the rest of the folks reading this post (well, maybe not as biased as some : ). However, he examines the 2001, 2002 and 2003 CERT Coordination Center's security advisory data and finds that things are definitely moving in the right direction for Windows folk(although not as fast as we'd like, of course).
