https://people.redhat.com/mjc/. This month we've also tidied up some of the XSLT used to create the web pages, so the sample reports now have the default style and contain descriptions of each vulnerability as listed at CVE.
The perl script used to analyse the raw stats has also had some updates and no longer needs to be edited to filter the vulnerabilities you are interested in. Run "perl daysofrisk.pl --help" for details.
For Red Hat Enterprise Linux 3 across all dates (20 months) we've had 13 critical vulnerabilities; of which 84% had updates available via Red Hat Network within a day of the vulnerability being public.