Among the other metrics that I track, I also periodically look at days-of-risk, or the average amount of time that customers are exposed to public vulnerabilities before a vendor provides a patch.  You can take a look at the full findings on Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows, where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris.

 You can also click on this chart to get to the full article: