Re: research counting vulnerabilities per operating system? (more vulnerabilities in 2002?)

On Sun, 2004-01-11 at 04:33, Jeremy C. Reed wrote:
> Dr. Dobb's Journal for February 2004 has an article called "Rethinking
> Software Security" that says "Linux had more vulnerabilities reported and
> security patches issued in 2002 than Windows".
> 
> The same article mentions CERT and www.SecurityFocus.com as best
> resources.
> 
> I know I read some articles talking about which operating systems have
> most issues. Can anyone provide some links?
> 
> I also started with making a CERT chart for 2002 so I can quickly count
> them myself. Does anyone know if that is already done?
> 
> (I am using the webpages at
> http://www.kb.cert.org/vuls/bypublic?open&start=510.)
> 
> Building a chart based on securityfocus.com postings would be a lot
> harder.
Actually it is a waste of time.  Problem is that Linux security
vulnerabilities are listed separately and Windows are rolled into one, so
there is no way to get an accurate count.  MS also hides (i.e. doesn't
list) all the fixes that go into each patch, so really the whole numbers
thing is impossible for anyone but MS to calculate (and they are not
telling).
> 
> Just because ten vendors provide fixes or report vulnerabilities in the
> same software, that is only one single issue.
> 
This is also the case: the current by-the-numbers counts list Linux as a
distro (with all software on the CD accounted for) vs MS W2K server without
anything installed. Minus the GUI problems (which no self-respecting
Linux admin would install on a production server), with only one database
and other normalization factors, Linux comes out way ahead of the
game.

Rather than counting, one factor to also keep in mind is that in my years
as a Linux admin I have not yet broken a Linux server by patching it
(via RPM or APT), yet I have had MS break me on patches too many times to
count.

Just go to Google and look up "Linux vs windows security" for a lot of
articles and arguments about the issue.
>    Jeremy C. Reed
>    http://bsd.reedmedia.net/
> 
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
>          with "unsubscribe" in the subject of the message.
-- 
David Blomberg
AIS, APS, ASE, CCNA, LCP, LCA, Linux+, LPI I, MCP, MCSA, MCSE, RHCE, Server+
Nihon Libertec
dblomber@xxxxxxxxxxxx