On Tue, 11 Jul 2006, Bob Beck wrote:

>
> > And I think vulnerabilities disclosed are a much better indicator
> > of the changes to QA/development of products than any hyperbole
> > from those responsible (be it management or developers.)
>
> No, I think vulnerabilities disclosed is simply a measure of how much
> development and deployment is happening on the platform. period.

I think that is rather inaccurate. I know companies like ISS claim on internal presentations that they do a lot of code auditing for companies like Microsoft. These audits are never publicly available and may contain significant numbers you can not see with closed-source products.

The same procedure simply is not available to open-source products which are developed in a completely different way.

So I think that unless one can get these indoor figures out on the street there is no way you can compare figures.

Hugo.

--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij@xxxxxxxxxxxxxxx http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.