"Nice try, but I don't have to prove a negative"
Fine - so by your logic I don't have to prove a positive. The reader can do their own research - and it's not hard to validate all of the above.
"if you're trying to use the Secunia database for it, be honest and add up all the versions of Windows."
That wouldn't work as some vulnerabilities effect more than one version of Windows so you would be counting the same issue multiple times. And we are not adding up all the bugs for different versions of Linux (For instance SUSE 10 is on over 4,000), so why would we do so for Windows?
"And leave out all the bugs that are applications, not core OS"
Jeff Jones already did that work for a 'feature matched' Linux install - Windows still has far fewer vulnerabilities that are on average fixed faster (fewer days at risk).
Biting the hand that feeds IT
