by kek918 3536 days ago
Does Microsoft or Apple have a similar infograph publicly available?

I doubt it, but it would be interesting to compare nonetheless.


It would be interesting, but a very tricky comparison to make, as the Linux kernel and full OSes like Windows or OSX are not really a like-for-like comparison.

Windows and OSX cover large areas of functionality not really covered by the Linux kernel (e.g. windowing systems) and the Linux kernel covers a wider range of devices than Windows or OSX, so will have a larger driver base.

More importantly, most Open Source projects encourage and welcome reporting vulnerabilities.

Various closed source vendors discourage that even to the point of suing people for reporting vulns while keeping known ones secret.

Well, that doesn't apply (AFAIK) to OS vendors like Microsoft. They actively encourage, and pay for, security bug reports.

In 2013 they paid out $100k to a single researcher for a set of bug reports.

So I don't think in a comparison of OS-->OS bugs that factor would really apply.

You could probably pull that data out of the CVE reports. Just need to map versions and patch releases to specific dates for calculations.

You could, and you'd add your name to the long list of people creating bad statistics about CVEs.

See this talk: https://www.youtube.com/watch?v=3Sx0uJGRQ4s

I don't think it would be possible; one of the interesting parts of the article's graph is the 'creation time' of the vulnerability, but there's no corresponding public data for Windows vulnerabilities.

Yes, the granularity of the start date would be closer to 2y periods. (Major Windows versions affected)