I like Secunia as an organisation.  They present huge amounts of data that you can then pick into if you disagree with it.  For example, ZDNet recently said that 2007 saw more serious security flaws for Apple OSX compared to Windows using the information provided by Secunia's web site.  They also run a scan on people's PC to determin how good/bad they are and while things have improved - it is again too easy to be one of the people throwing things saying "I'm alright because I run Windows Update or applied Service Pack 1".

One-fifth of Windows apps go unpatched

Updates are available, but users haven't installed them, says Secunia

December 28, 2007 (Computerworld) -- One in five applications installed on Windows PCs are missing security patches, a Copenhagen-based vulnerability tracker has reported.

According to Secunia APS, more than 20% of the applications scanned by its Personal Software Inspector (PSI) utility were open to attack because available fixes for security flaws had not been applied.

"More than 20% of all applications installed on users' PCs have known security flaws, but the users have yet to install the patch provided by the vendor of [the] product," said Jakob Balle, Secunia's development manager, in a post to the company's blog last week.

The 20% figure was based on scans of more than 14.5 million applications installed on the Windows PCs operated by users who downloaded and installed Secunia's PSI. The utility scans for some 4,200 different applications and reports on their patch status.

The 1-in-5 ratio, however, is an improvement over earlier PSI scans. Last May, Secunia said that 28% of the applications PSI scanned were missing available security updates.

One-fifth of Windows apps go unpatched

ttfn

David