Red Hat has published [PDF] a white paper covering the state of security for the first five years of Red Hat Enterprise Linux 4. "Red Hat Enterprise Linux 4 was released on February 15th, 2005. This report takes a look at the state of security for the first five years from release. We look at key metrics, specific vulnerabilities, and the most common ways users were affected by security issues. We will show some best practices that could have been used to minimize the impact of the issues and also take a look at how the included security innovations helped."
June 2, 2010
Risk Report: Five years of Red Hat Enterprise Linux 4
Read more at LWN