opensoul.org

Number of patches != relative security

The argument, as made in a recent Slashdot post, that the number of patches released is indicative of the security of a system is annoying and just plain wrong. Vulnerability is a function of the number of remotely exploitable bugs, the rate at which the exploits spread, and the time between when they begin to be exploited and when the flaw is patched. To my knowledge, there have been few, if any, remotely exploitable bugs in Linux or OS X that have propagated fast enough to cause any form of disruption. One could argue that this is due to Linux and OS X combined comprising less than 10% of the desktop market, but that argument doesn’t hold up to the fact that they have the majority of the server market.

Either way, the number of patches released could mean many things, but relative security is not one of them.

security November 30, 2006


My name is Brandon Keepers. I like to build things, usually in Ruby or JavaScript. I work at GitHub and live in Holland, MI.
