Many remember a few months ago Symantec came under fire for suggesting that IE was more secure than Firefox, because it had less security issues. Immediately many pointed out that Symantec’s methodology in the research was flawed, since they focused on vendor acknowledged security issues. That essentially lets the development teams decide how many security issues they want to have.
Symantec has now revised their research to include how many non-vendor confirmed security issues were reported. This puts things a bit more level of a playing field. Naturally you’d expect Firefox to have more confirmed flaws, because development is transparent. The IE team has the ability to selectively choose what’s “critical”. That’s a big advantage in the old comparison. They don’t seem to declare a “winner”, they just lay out the data.
Moral of the story? Data is only accurate if the research is well done. Symantec realized their research was flawed, and corrected it in a way that seems pretty fair, considering Firefox and IE have totally different development situations.