I just posted my March 2007 – Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation.
Here is the workstation chart:
I plan to update this monthly throughout the year, and will include newer products when they are released.
I am also considering how to add days-of-risk data. One month time frames seems to short. Perhaps I should change my 3 month section into a rolling 12 months section, in which I also show average days-of-risk. Thoughts anyone?