Window Snyder blogged about this yesterday, and today Ryan Naraine has an article up, "Can Mozilla’s security metrics project end the patch-counting nonsense?", that I think hits the nail right on the head.
Security is serious. It's not the place for vendors to be opaque and the press to be sensationalist. Mozilla, beyond its great track record on client application security and best-in-the-world openness, is working to bring some sanity to the larger browser security landscape with a new program that will hopefully, as Ryan says, "put an end to the silly notion that patch-counting helps to determine a product’s security posture."
Go give Window's blog post a read -- and don't forget that you have a chance to participate, here, in a community interview with Window, so if you've got questions for her, head over to the interview post and ask them.