Eric, Eugene - Jeff Jones is known for his objective reviews of publicly available security vulnerability data - just the facts, wherever it leads. Dismissing him or his reports because of his employer is wrong, and misses the point: his objective analysis is dead-on correct, whereas your dismissal of his findings is not. Dismiss the analysis if you can, but its been over a year, and greater minds than ours haven't been able to do that. Ad hominem attacks don't win very many arguments with me, anyway.

To me this isn't about open versus closed source or Microsoft versus Anybody But Microsoft - in a measure of relatively security, Microsoft's more recent products do measurably better across the board, from Windows to IE to Office to SQL. Microsoft has internalized certain security coding methodologies that result in fewer security vulnerabilities over time. Its a long and hard process, never perfect in its realization. I would like to say that competing applications and operating systems have taken a similar course, apparently though they have not. In general I would say that Microsoft has gotten better at this security thing, while its competitors have not. That can be difficult for some to admit. cx You can dismiss hard facts if you like, its to your detriment though. Don't mislead others along the way if you can help it.