Linux doesn't have a good culture of security. Local root bugs are dime a dozen. Security fixes in the kernel are not flagged as such. There's no systematic effort to stop the most common types of security bug (memory bugs in some driver ioctl handler). Linus doesn't have much patience for or interest in security improvements - look at http://article.gmane.org/gmane.linux.kernel/706950 - Etc etc.
Before submitting, I debated whether to put a disclaimer line in - "not that the kernel has the worlds best security record", but I thought - nah nobody's going to use this as an opportunity to jump in & grind their "kernel security" axe. What a fool am I.
I however think the relative silence around Xen security is far more of a worry. That was my point.
