Linux came in with far fewer defects than average as did a number of other open source projects. The version 2.6 of the Linux kernel had a security bug rate of .127 per thousand lines of code. The kernel scan covered 3,639,322 lines of code. As exposures were identified by repeated scans, 452 defects have been fixed by kernel developers; 48 have been verified but not yet fixed; another 413 remain to be verified and fixed, according to code scanning results posted on the Coverity Web site.

http://www.informationweek.com/story/showArticle.jhtml?articleID=205600229&cid=RSSfeed_IWK_All
http://www.zdnet.com.au/news/security/soa/11-open-source-projects-pass-security-health-check/0,130061744,339284949,00.htm

And what's that supposed to tell?

Nothing. It's just a news article with some (imo interesting) stats.

This is great news. It will be even better once the kernel and open source projects such as Apache HTTP server and Firefox reach Rung 2 status. This is exactly what open source needs more of.

Once we have Rung 2 status we can stick a post-it note to Ballmer's sweaty forehead. :)