Just two comments of my own, FWIW. I keep in touch with CyberNotes, which is published by the NIPC (National Infrastructure Protection Center). Although much of many debates I have heard on secure OSes (or vulnerabilities therein) can be biased or emotional, NIPC does some excellent reporting on everything they can get their hands on (and validate) ... right down to 3rd party product vulnerabilities on every platform known to man. They also produce a year end summary that is sorted by vendor. As I recall, most of IBM's vulnerabilities are marked in the Lotus Domino arena, and none that I can remember in the BCP itself (although I won't swear to this one) and the total number is small (although one could argue back the smaller deployment in the worldwide market, I'd still say it's the most secure, also). If you are interested, check them out at http://www.nipc.gov .
Secondly, for those who are interested in OS security, did anyone catch the multilevel security blurb in the z/OS 1.5 preview? Cool. Paul
