Vulnerability Count

George Toft plug-discuss@lists.PLUG.phoenix.az.us
Sat, 25 Aug 2001 19:15:39 -0700


The other thing to consider is that we are finding problems
now that have existed for years, so the numbers now are artificially
higher.

Another factor driving up the numbers is the amount of scrutiny each
OS is receiving - more now than ever - so the numbers would be higher
even if we had the same number of vulnerabilities created per year.

George


Kevin Buettner wrote:
> 
> On Aug 25,  9:10am, Kimi A. Adams wrote:
> 
> > I find it just as interesting that the number of vulnerabilities for Red
> > Hat is darn near close to Windows NT.  Most people think of Red Hat when
> > they first start hearing about Linux and believe that it's better
> > security.  But as your numbers prove, it's much less secure than other
> > packages.  I would be very curious to see what Debian's numbers would be in
> > comparison.
> 
> Visit http://www.securityfocus.com/vdb/stats.html and see for
> yourself.
> 
> But, while you are there, take a look at the number of reported
> vulnerabilities for (e.g.) OpenBSD during 1997 vs. 2001, and
> then ask yourself if you really believe that OpenBSD circa 1997
> is more secure than OpenBSD circa 2001.  Do the same thing for
> the various versions of Linux too.  If you (mistakenly, IMHO)
> equate lower numbers with being more secure, then you'll find
> that the most secure version of Debian (or Red Hat) existed in
> 1997 and things have gotten steadily worse since!  (The year 2001
> numbers are better than the year 2000 numbers for both OSes, but the
> year isn't over yet.)
> 
> In other words, take these numbers with a grain of salt.
> 
> Kevin