Security experts and other critics have attacked a recent study which claimed that in 2005 more security vulnerabilities were found in Linux/Unix than in Windows. Published by the U.S. Computer Emergency Readiness Team, the study has been called "confusing and misleading" by Ark Cox, a consulting software engineer at Red Hat.
"For example, Firefox is categorized as a Unix/Linux operating-system flaw, but it runs just as well on a Windows platform. Apache and PHP also run just as well on both platforms. There are methodological flaws in the statistics," he said.
Steven Christey, an editor for Common Vulnerabilities and Exposures, claims that the statistics used in the study were no basis for comparison of the relative security of Windows and Linux/Unix. This, he says, is because they had been collected from different sources with different criteria for the collection of flaws.