Say what you will about the intentions for fixing vulnerabilities in the proprietary world. I find it to be the same for the Linux kernel really.
What's undeniable though is the dramatic change Microsoft has made in their development processes (SDL) and entire approach to security (EMET, etc). In his now-famous memo (http://www.wired.com/techbiz/media/news/2002/01/49826) Bill Gates identified security as a systemic threat to his business.
Contrast this to the Linux kernel, which is still very much in an old mindset. Even the Linux kernel's security pride and joy, its ability to publish timely fixes in response to submitted reports, is rendered ineffective by upstream's inability and unwillingness to communicate the importance of those fixes. In the space of any other commercial product based on Linux (Android, NASes, etc), you also have the problem of those fixes just not getting out to the users at all.
Copyright © 2018, Eklektix, Inc.