Vulnerability Count

John (EBo) David plug-discuss@lists.PLUG.phoenix.az.us
Sat, 25 Aug 2001 09:52:05 -0700


"Kimi A. Adams" wrote:
> 
> I find it just as interesting that the number of vulnerabilities for Red
> Hat is darn near close to Windows NT.  Most people think of Red Hat when
> they first start hearing about Linux and believe that it's better
> security.  But as your numbers prove, it's much less secure than other
> packages.  I would be very curious to see what Debian's numbers would be in
> comparison.

I also think that some of the information is lost in just lumping the
vulnerabilities all together. 

Assuming an exponential decay of the bug report incidence, I would
expect to see larger numbers in a product that has been around for 5 to
10 years than one that has been around for two.  Now when I first
started using Linux back in '96, I seem to recall that it was a VERY
early version of RH.  I could be wrong there, but for the moment let's
say that RH is something like 6 years old.  That would make RH on par
with Solaris for vulnerability (which is something like 1/5'th that of
Win2000).  Also, when I bought my SPARCclassic in '93 it shipped with
Solaris 2.0  IIRC, so that would make Solaris something like 9 years old
not 7.  Also, IIRC, Solaris 1.1 was a revamp of SunOS 4.1.3 rev B
cleaned up with a few additions, and repackaged.  SunOS has been around
since the mid 80's.  We got our first Suns in the graphics lab at UNM in
the summer of '84.

  EBo --