Im sorry but i fail to see how this has anything to do with windows Vs linux security. Surely if you want to know which OS is more secure then you should be trying to exploit the same program on each. What im saying is from what I gather they are comparing 2 *different* webservers made by *different* companys and expect this to show them which OS is more secure? shouldnt they be finding a webserver that runs on both linux and windows, set them up the same way on both and THEN drawing conclusions about the OS rather then looking at some software for each OS and pretend that the OS is the cause for everything?