router99
Linux is a cluster fuck of independent projects all trying to work around each other. FOSS devs, (not all) are very loose with their security requirements, especially with Linux. Linux relies on being FOSS as a big selling point of its security, which after the XZ issue, is now a moot point. Plus, Linux requires people to baby and micro manage their setup, and for most people that is a bad idea. Windows has built in signature verification, Linux does not, has way better support, and has things designed for it.
Also, the big companies actually report found vulnerabilities to each other, in Linux world, if someone finds a vulnerability but doesn't like the project, they will forgo telling said project out of spite