theranjan writes: "When Jeff Jones, a Security Strategy Director at Microsoft, decided to compare Internet Explorer security vulnerabilities with those of Mozilla Firefox, and decided to publish his results showing that Internet Explorer was more secure, he perhaps forgot that the Head Security Strategist of Mozilla, Window Snyder, was a former MS employee, in fact the security lead for the Service pack of Windows XP and Server. In a rebuttal of the study, Window Snyder said that the number of vulnerabilities publicly acknowledged was just a "small subset" of all vulnerabilities fixed internally. The vulnerabilities found internally are fixed in service packs and major updates without public knowledge. This is probably one of the first times that we have confirmation from one of Microsoft's former workers that this practice is routinely followed in Microsoft. This also confirms that the studies performed or referenced by Microsoft touting itself as the safest Operating system, comparing the vulnerabilities between OSes, need to be taken with bucketfuls of salt. Finally, Window speaks out against the practice of counting bugs, stating plainly that "If we as an industry would just acknowledge that counting bugs is useless then vendors could feel safe talking about what they are doing to protect users" and "We're not building fixes for our PR team, we're building them for our users. Go ahead and count.""