Symantec's comprehensive security report on the malware industry from July 1 to December 31, 2007, is now avaible in its 100+ page glory. Symantec broke down information on patch development time by operating system and by the type of vulnerability encountered. Surprisingly, Microsoft had the shortest time-to-patch over both halves of 2007. In the first part of the year, Microsoft released 38 patches (two of which involved third-party applications) with an average deployment time of 18 days. From July to December, Microsoft released 22 patches with an average patch time of six days.
Red Hat came in second, at 32 days for the second half of the year and 36 days in the first half. That's quite a bit higher than Microsoft's average, but of the 227 vulnerabilities Red Hat patched in 2007, 226 of them involved third-party applications. Apple, Sun, and HP all lag well behind Microsoft and Red Hat, though the gap for each company differs significantly between the first and second halves of last year.
News Source: Symantec