Bad Linux
David A. Sinck
plug-discuss@lists.PLUG.phoenix.az.us
Thu, 17 May 2001 15:59:37 -0700
\_ SMTP quoth Alan Dayley on 5/17/2001 15:17 as having spake thusly:
\_
\_
\_ At 02:46 PM 5/17/2001 -0700, you wrote:
\_ >Mean time to patch a known virus-exploited security hole over the last year
\_ >as reported by the Wall Street Journal.
\_ >
\_ >Windows: Overnight.
\_ >Linux: About 7 months.
\_ >Solaris: More than 1 year.
\_
\_ "Mean time to patch" meaning when a person applies the patch to the
\_ affected computer? If yes, I seriously question the "Windows: Overnight"
\_ statement. I even question it if it means to when the patch is available.
\_ Overnight is baloney, IMO.
And um, what defines when it's patched? When the linux firewalls
filter it, when the source is patched, or when your neighbor down the
street finally upgrades?
It would also be interesting to see a 'severity' index tied into that
statement.
Oh wait, I'll stop preaching to the choir.
David