Re: I wonder how they measure vulnerabilities in Gentoo and Solaris.
It wouldn't surprise me if the figures were related to how much/how often the systems were patched.
I know for myself that in general we don't patch the Solaris systems we're using; we firewall the f*ck out of them, and only start services we know are going to be used. We have Solaris systems that have been untouched for over 10 years, but they're still doing the job they were supposed to, and aren't facing the outside world.
If a system is inherently more secure, with very low visibility and very low attack vectors, on an operating system that few use, is it not unexpected that the hackers will be going for the lower-hanging fruit?