Red Hat Enterprise Linux 4 was released on February 15th, 2005. This report takes a look at the state of security for the first two years from release. We look at key metrics, specific vulnerabilities, and the most common ways users were affected by security issues. We will show some best practices that could have been used to minimise the impact of the issues, and also take a look at how the included security innovations helped.