Counting the first 180 days worth of vulnerabilities impacting Windows Vista, Windows XP, Mac OS X 10.4 Tiger, Red Hat Enterprise Linux 4 Workstation, Ubuntu 6.06 LTS and Novell Suse Linux Enterprise Desktop 10 reveals that Microsoft's latest operating system is outperforming all direct rivals in terms of the most reduced number of security flaws. Vulnerability statistics are by no means an accurate measurement of the security level of an operating system, but they do illustrate code quality, in the context in which Windows Vista currently benefits from the same obscure market share of Linux or Mac OS X, and as such, is not a primary target for attacks, unlike XP.

Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, in his paper Windows Vistas 6-Month Vulnerability Report counted all the vulnerabilities affecting Vista in the first 180 days on the market following the November 30 2006 launch. However, the count only involves security flaws impacting the operating system directly and not the components that ship by default with the platform such as Internet Explorer 7 and Windows Mail. In this context, there were just 12 vulnerabilities in Vista in the first six months, five of them labeled with a severity rating of Critical.

Microsoft security representatives such as expert Michael Howard stated that the overall security goal of Vista security is to deliver at least half the number of vulnerabilities in comparison to Windows XP. Vista seems to be right on track as XP was hit with no less than 36 vulnerabilities in the first six months of availability. Windows Vista even managed to feature less security holes than Mac OS X Tiger. Version 10.4 of Apple's operating system was impacted by a total of 60 vulnerabilities in the first 180 days, 18 of which were rated 'high severity'.

"During the first 6 months, Red Hat fixed a total of 281 vulnerabilities in rhel4ws. 86 of those fixed were rated High severity in the NVD, Ubuntu fixed 145 vulnerabilities affecting Ubuntu 6.06 LTS. 47 of those fixed were rated High severity in the NVD and Novell fixed a total of 159 vulnerabilities affecting SLED10, of which 50 were rated High severity in the NVD," Jones added.