Linked by Thom Holwerda on Fri 6th Jan 2006 22:56 UTC
Privacy, Security, Encryption

Open source experts have hit back at a study published by the United States Computer Emergency Readiness Team that said more vulnerabilities were found in Linux/Unix than in Windows in 2005, labelling the report misleading and confusing. The report has attracted criticism from the open source community. Linux vendor Red Hat said the vulnerabilities had been miscategorised, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.
Permalink for comment 82762
flypig
Member since:
2005-07-13

When the original story about the US-CERT vulnerability was posted, I remember thinking that it was really obvious that all it represented was a list of the reported vulnerabilities for the year. There was no commentary or statistics, and CERT made no claims about the relative security of systems. It was just a pure, factual list of what had been reported to them in the last year.

The original report even states that "Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported..."

So to see Red Hat complaining that "the study is confusing and misleading" seems really, really odd. It wasn't a study, it was just a factual list of the reports CERT received.

The fact is that insinuations about relative OS security came only from commentators, not CERT. Surely anything else is just opinion that people have chosen to layer on top of it?

Reply Score: 1