In case you didn't notice, you're comparing a completely open process with one that is almost entirely closed. I.E. The total number of remote roots on Solaris, Windows NT, Irix, and the like is magnitudes higher than is actually disclosed. Whereas generally on Open Source platforms, you know and understand everything there is to know about each vulnerability.

This is why on Open Source platforms (or platforms for which the source code is so readily available as to make it open source in all but name) people are now hunting down obscure integer overflows, and on closed source platforms fuzzers are happily picking out stack overflows in initial handshake messages.

Were you comparing a vendor's internal bug database to various bugzillas you might have a better case.

Dave Aitel
Immunity, Inc.

On Tue, 26 Nov 2002 19:17:56 +1300 (NZDT)
zen-parse <zen-parse@gmx.net> wrote:

> In case people haven't noticed yet, Open Source is not more secure.