(Disclaimer - I've never filed a bug report with Cisco or Juniper,
but I've spent 3 decades filing bugs with almost everybody else in
the computer industry, it seems... Questions like the ones you asked
are almost always pointless unless the asker and answerer are sharing
a set of base assumptions. In other words, "which one is best/worst?"
is a meaningless question unless you either tell us what *your* criteria
are in detail, or are willing to listen to advice that uses other
criteria (without stating how they're different from yours).
1) Which vendor has more bugs than others, what are the top 3
More actual bugs, more known and acknowledged bugs, or more serious bugs that
actually affect day to day operations in a major manner?
The total number of actual bugs for each vendor is probably unknownable, other
than "there's at least one more in there". The vendor probably can produce a
number representing how many bug reports they've accepted as valid. The
vendor's number is guaranteed to be different than the customer's number - how
divergent, *and why*, probably tells you a lot about the vendor and the
customer base. The vendor may be difficult about accepting a bug report, or the
customer base may be clueless about what the product is supposed to be doing
and calling in a lot of non-bugs - almost every trouble ticket closed with RTFM
status is one of these non-bugs. If there's a lot of non-bugs, it usually
indicates a documentation/training issue, not an actual software quality
And of course, bug severity *has* to be considered. "Router falls over if
somebody in Zimbabwe sends it a christmas-tree packet" is different than "the
CLI insists on a ;; where a ; should suffice". You may be willing to tolerate
or work around dozens or even hundreds of the latter (in fact, there's probably
hundreds of such bugs in your current vendor that you don't know about simply
because they don't trigger in your environment), but it only takes 2 or 3 of
the former to render the box undeployable.
2) Who is doing a better job fixing them
Again, see the above discussion of severity. If a vendor is good about fixing
the real show-stoppers in a matter of hours or days, but has a huge backlog of
fixes for minor things, is that better or worse than a vendor that fixes half
of both serious and minor things?
In addition, the question of how fixes get deployed matters too. If a vendor
is consistently good about finding a root cause, fixing it, and then saying
"we'll ship the fix in the next dot-rev release", is that good or bad?
Remember that if they ship a new, updated, more-fixed image every week, that
means you get to re-qualify a new image every week....