The debates that go back and forth on this relate to the inherent difference between LAMP and a Microsoft platform. When you install LAMP (using CentOS or Debian for a baseline installation, for example), what applications are you including that are not in the Windows environment? What applications are included in Windows that are not in the LAMP environment?

Perhaps a more specifically-defined question would be more useful. Are you probing for the entire platform, or just the web-visible architecture? If it's just a comparison of Apache/MySQL/PHP on a Linux kernel compared to just IIS/MSDE/ASP on a Windows kernel, that may make more sense than an overall comparison. Further specifying whether only kernel exploits that are remotely-accessible should be included or if all kernel exploits should be counted would also be of use.

I don't have the numbers for a comparison of this type, but they would probably be of some interest if someone wanted to put them together. Might not be terribly difficult, either.

Jarrod

On 7/9/06, Darren Reed <avalon@xxxxxxxxxxxxxxxxxxx> wrote:
Does anyone have statistics on the cumulative vulnerabilities in LAMP vs the equivalent for Microsoft? (I'm also interested in whether there are better, as in more secure, environments than LAMP.)

If the number of vulnerabilities is graphed over time, is either heading down or both heading up or...?

- I'm not asking for a "who's better", I just want to know if anyone has a good set of numbers and if they're graphed for easy comparison.

Thanks,
Darren

p.s. LAMP = Linux/Apache/MySQL/PHP