The thing I find disappointing about security issues is the 'count' of exploits fixed. This is also done with Linux. Linux as a core is very secure, it is the applications running on it that are usually the problem. Just glancing at the list:
Apache, ClamAV, CUPS, curl, cyrus, Dovecot, FreeRadius, MySQL, Perl, PHP, Ruby, unzip, xar
are not software packages produced by Apple, yet, are included in the vulnerability count. They are packaged and redistributed through Apple's package manager but are they truly Apple vulnerabilities?
How many Windows development boxes not running the new MySQL are currently vulnerable? Is Microsoft going to push updates to perl, MySQL, php to machines that have it installed? Will Microsoft count vulnerabilities in those applications along with their own vulnerabilities?
Some Linux distributions have packaged over 12000 pieces of software. Vulnerabilities discovered in packages that people don't even use are counted as Linux security issues.
Oh well....
