Vulnerability Count

John (EBo) David plug-discuss@lists.PLUG.phoenix.az.us
Sun, 26 Aug 2001 01:48:21 -0700


George Toft wrote:
> 
> Come on, it's just a script:
> 
> #!/bin/bash
> 
> # This script gets the list of vulnerabilities for each operating system
> > > ...
> > > > It would also be nice if you could plot the frequency of vulnerabilities
> > > > over time and compare a single graph...
> > >
> > > A breakdown of remotely exploitable vs locally exploitable would be
> > > good, too.
> >
> > agreed.


Just made the time to check out the site.  Most of what I wanted to see
is there to see...  I do find it interesting that they make a Linux
aggregate (I assume the sum of all Linux distros).  This counts many,
if not most, vulnerabilities twice.  Also aggregating Win2000/NT may do
the same (although these are supposed to be different OSes).

The thing I find interesting is that RH is on par with Win* for
vulnerabilities so far this year.  Are these numbers correct?  Are we
counting apples and oranges, or is the RH count totaling all packages
while Win* is counting only the OS?  I really am curious about this...


  EBo --