That’s an interesting question. It’s pretty nuanced. I don’t know of any laws that would stop Microsoft from going “oops, we had a bug in our software, sorry about that”. Same for the linux distros. Unless you’re a corporate customer, then that would be included as part of some contract. So at the end of the day you trust Microsoft’s reputation. You’d trust your distro of choice as well. So as a thought experiment I would suggest that the most secure operating system provider is the one that ships a very similar version of its OS to both end-users and enterprise customers. Some Linux distributions fall into that category, some definitely not.

Also, keep in mind that some distros are run mostly by individual contributors not employed by any knowingly reputable company, so I’d stay away from those by default.