Symantec Internet Security Threat Report
Just came across this thanks to an article in InformationWeek.
Some interesting highlights for the first half of 2006:
- Microsoft is now coming out with security patches as fast as Linux. MSFT takes an average of 13 days, as does Red Hat. Apple takes 37 days.
- Spam now makes up 54% of all monitored email.
- Financial Services was the most heavily phished sector. This makes me wonder why more banks are not adopting shared-secret approaches, like getting you to upload a photo that they show back to you when you log in. If you have a camera built into your computer (like all Apples do) then the bank could snap a photo of you each time you log in. Consumers would know that a phishing email was fake if they didn’t see their most recent photo in the email.
- Web Applications (as in Web 2.0) are now generating a high number of vulnerabilities.
The high number of these vulnerabilities is due in part to the popularity of Web applications and to the relative ease of discovering vulnerabilities in Web applications compared to other platforms. Web applications are required to accept and interpret input from many different sources, and there are very few restrictions to distinguish valid input from invalid….
For instance, Web applications are often susceptible to common types of input validation vulnerabilities, such as cross-site scripting and SQL injection, that are typically easy to discover with a minimal amount of effort and skill. (see pages 10, 11)
- In the first half of 2006, it looks like Opera was the safest browser:
You can get a copy of the whole report in PDF format.
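The input-validation point in the passage quoted above, as an added example that is not from the report or the original post: a database lookup and an HTML greeting written the vulnerable way next to their hardened forms, using Python's standard sqlite3 and html modules. The accounts table, its rows and the sample inputs are constructed for the demo.

```python
"""Added example (not from the Symantec report or the original post).

Shows the two input-validation flaws the report names, SQL injection and
cross-site scripting, each as a vulnerable function beside its hardened
form. The table, rows and inputs are constructed for this demo.
"""
import html
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory accounts table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn

def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: user input is spliced into the SQL text, so a quote
    # character in the input changes the meaning of the statement.
    sql = f"SELECT username, balance FROM accounts WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened: the value is bound as a parameter and can never become SQL.
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def greeting_unsafe(display_name: str) -> str:
    # Vulnerable: untrusted text is dropped straight into HTML.
    return f"<p>Welcome, {display_name}</p>"

def greeting_safe(display_name: str) -> str:
    # Hardened: HTML-significant characters are encoded before output,
    # so the browser renders the name as text rather than markup.
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"

if __name__ == "__main__":
    db = make_db()
    tampered = "x' OR '1'='1"            # constructed malformed username
    print(lookup_unsafe(db, tampered))   # every row leaks
    print(lookup_safe(db, tampered))     # no such user: []
    print(greeting_unsafe("<script>alert(1)</script>"))
    print(greeting_safe("<script>alert(1)</script>"))
```

Run as a script to see the unsafe lookup return all three rows for a username that matches none of them, while the safe lookup returns an empty list for the same input.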