Since 2005 Apple has been listing all responsible disclosed vulnerabilities (web application security) on a dedicated page. There are in total 435 bugs listed, reported by hundreds of individuals.
In 2011 I've already made a posting about vulnerabilities I've found in Apple's sites. This posting was called Apple XSS Gallery
In the past I've reported a lot of security bugs to Google (you find here some stats about the last year) and three months ago I've found in just one night a lot of reflective XSS bugs on different apple.com sites.
If I try to compare both security team,