Vulnerability Count

Kevin Buettner plug-discuss@lists.PLUG.phoenix.az.us
Sat, 25 Aug 2001 11:13:01 -0700


On Aug 25, 9:10am, Kimi A. Adams wrote:

> I find it just as interesting that the number of vulnerabilities for Red 
> Hat is darn near close to Windows NT.  Most people think of Red Hat when 
> they first start hearing about Linux and believe that it's better 
> security.  But as your numbers prove, it's much less secure than other 
> packages.  I would be very curious to see what Debian's numbers would be in 
> comparison.

Visit http://www.securityfocus.com/vdb/stats.html and see for
yourself.

But, while you are there, take a look at the number of reported
vulnerabilities for (e.g.) OpenBSD during 1997 vs. 2001, and
then ask yourself if you really believe that OpenBSD circa 1997
is more secure than OpenBSD circa 2001.  Do the same thing for
the various versions of Linux too.  If you (mistakenly, IMHO)
equate lower numbers with being more secure, then you'll find
that the most secure version of Debian (or Red Hat) existed in
1997 and things have gotten steadily worse since!  (The year 2001
numbers are better than the year 2000 numbers for both OSes, but the
year isn't over yet.)

In other words, take these numbers with a grain of salt.

Kevin