Take a Closer Look at CERT/CC Vulnerability Numbers
The Computer Emergency Response Team Coordination Center (CERT/CC) has released its annual report of vulnerability statistics. At first blush, Windows looks to be way ahead: 812 Windows holes reported versus 2328 Linux/Unix ones. But, as Groklaw and NewsForge point out, "Linux/Unix" lumps together everything from HP-UX to BSD to Solaris, plus the hundreds of "minor" distros, into one sum. Furthermore, there is considerable duplication in the Linux/Unix list; Groklaw cites one example where the same vulnerability is reported five times.
If I seem to be defensive about Linux in this arena, it's because Microsoft will predictably launch a well-funded PR blitz based on these numbers, and I'm tired of them trying to sell the Big Lie. I use Windows from time to time. It's not the Anti-OS. But Microsoft has had a history of pitching it with "half-lies and statistics", and I for one am pretty fed up with that.
From NewsForge:
If I seem to be defensive about Linux in this arena, it's because Microsoft will predictably launch a well-funded PR blitz based on these numbers, and I'm tired of them trying to sell the Big Lie. I use Windows from time to time. It's not the Anti-OS. But Microsoft has had a history of pitching it with "half-lies and statistics", and I for one am pretty fed up with that.
From NewsForge:
This is not to say that the data from US-CERT is a meaningless aggregation. You can easily spot the most vulnerable operating system in wide use today by taking a look at the Technical Cyber Security Alerts issued by US-CERT last year. Here's the bottom line:
- 22 Technical Cyber Security Alerts were issued in 2005
- 11 of those alerts were for Windows platforms
- 3 were for Oracle products
- 2 were for Cisco products
- 1 was for Mac OS X
- None were for Linux
posted by lupus @ 8:29 AM
0 Comments:
Post a Comment
<< Home