A study by the US Computer Emergency Readiness Team has created controversy after it said that more vulnerabilities were found in Linux/Unix systems than in Windows last year.
The report, Cyber Security Bulletin 2005, claimed that out of 5,198 reported flaws, 812 were found in Windows, while 2,328 were found in open source Unix/Linux systems. The rest were declared to be vulnerabilities affecting multiple operating systems.
The report predictably attracted criticism from the open source community, with Linux vendor Red Hat saying the vulnerabilities had been wrongly tagged, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.
"The study is confusing and misleading. When you look at the list, the vulnerabilities are miscategorised," said Mark Cox, a consulting software engineer at Red Hat.
"Firefox is categorised as a Unix/Linux operating system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics."
He added that Linux operating systems were more secure for businesses than Windows platforms, as fewer vulnerabilities were critical and patches were brought out more quickly.
This debate between Linux and Windows over which is more vulnerable just won't go away. But what should be a worry is surely that there were 5,198 flaws in the first place.