Now, on the issue of security. I have seen these type of reports before. Often, they simply count the number of vulnerabilities reported for each product, and compare the raw numbers. This is an invalid comparison for a number of reasons:

• Some products have more features than others. A standard Linux distro will come with many, many, many more applications than most commercial operating systems. More code means more bugs, means more security problems. That is an undeniable fact, and causes products with more features to have higher bug counts.


• Some security problems are more severe than others. A security bug that compromises one user's files is a big problem, but a security bug that compromises the entire system is something altogether different. Simply counting problems does not take this into account.


• Some products are not as homogeneous as others. A bug in Red Hat Linux may not also be a bug in Debian Linux, but a bug in Windows 2000 is very often also a bug in Windows XP. This problem is compounded by the fact that when there are common problems, they are often reported for more than one Linux distro. Grouping all bugs for any Linux distro into one count does not reflect much about the true security of a specific Linux install.

Now, let's say the report you cited doesn't suffer from these problems. There is still a lot of room for questions. What was done to secure the systems in question? What can be done to secure the systems in question? How competent were the administrators? How competent do the administrators have to be? What is better, a system that is less secure by default and can be made more secure, or a system that is more secure by default and can be made less secure? A simple "Mac OS X is more secure than Linux" does not adequately answer these questions.

So, to cap off a long winded reply, and answer the question you asked, yes. Security does matter. But I am not so sure the issue has been adequately discussed and answered by your post.