Am I mistaken or don't we have every other year a report showing that linux kernel security bugs are fixed very slowly? It started approximately since linux itself gained significant reputation in that area against proprietary operating systems (so nearly forever).
I think it's FUD. Admittedly that's an uninformed comment because I am so convinced of that, that I do not even take the time to read the reports in question anymore...
But I'd like to outline something factual: I see 2 CVE ids here from 2009.
In 2009 only, there were over 5500 CVE ids. The evolution of the number of CVE entries since 2000 is, in my opinion, a much more interesting topic .
Now my question for Trustwave: who funded that research?