> And I think vulnerabilities disclosed are a much better indicator > of the changes to QA/development of products than any hyperbole > from those responsible (be it management or developers.) No, I think vulnerabilities disclosed is simply a measure of how much development and deployment is happening on the platform. period. > I fully expect that both the Microsoft and Linux based platforms to > continue to be the most popular for web deployments and thus the most > interesting for hackers to target and vulnerabilities to be found. > > What would concern me more here is if one platform was on the up > whilst the other was on the down. This will always be the case as one platform changes in popularity for deployments relative to another. The simple fact is most of the MS/PHP/JAVA web development will be being done by code monkeys, fresh out of school.. I'm pretty certain they will "inbug" the same average number of bugs per line of code they write no matter what platform it is. Development is often outsourced to an external coding haus, written to a spec, without complete info about what the whole final application is going to do. Frequently they don't even reuse "mature" code from past releases because you don't want to release it to the external people, or you're too busy chasing platform-du-jour (Want a great example of this? I'm betting Sun One, going from version 5 to version 6 is a good one) -Bob
