Let me take a moment to clarify something, as some folks seem to have gotten the wrong impression.
I having nothing but the utmost respect for Mark Cox and the Red Hat security team that he leads. They do a hard job and they do it well, balancing the pressures imposed by the community from full disclosure with the goal of minimizing customer risk in a practical way to get security fixes out the door for customers. Also, their advisories and response process are better than any other Linux vendor I’ve found and generally better than most other vendors.
At the same time, their software is not flawless and they have to work with both the pros and cons of their software and support model and I will keep writing about both, especially where I think common perception might be a bit askew. Because of their leadership position among Linux distros, I think Red Hat makes a good comparison point for data analysis against the common security perceptions for Linux and Windows.