Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption
"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
BSD's
by jackson on Fri 16th Mar 2007 18:34 UTC
jackson Member since:
2005-06-29

This was my post on that site about the BSD's:

From November, 2006 to March 16, 2007, FreeBSD has only issued 5 security advisories:

FreeBSD-SA-06:24
FreeBSD-SA-06:25
FreeBSD-SA-06:26
FreeBSD-SA-07:01
FreeBSD-SA-07:02

http://www.freebsd.org/security/

And arguably the most secure OS on the planet, OpenBSD, has released 10 security updates during almost the exact same time period (OpenBSD 4.0 was released on November 1, 2006). Here is their errata:

http://openbsd.org/errata40.html

Reply Score: 2

RE: BSD's
by nullpt on Fri 16th Mar 2007 19:10 in reply to "BSD's"
nullpt Member since:
2006-10-20

Hi,

But still... In that period you can probably find dozens of security advisories for each Linux distribution.

Cheers

Reply Parent Score: 1

RE: BSD's
by Duffman on Fri 16th Mar 2007 22:16 in reply to "BSD's"
Duffman Member since:
2005-11-23

"And arguably the most secure OS on the planet"

The 'arguably' most secure OS on the planet developers are always seeking security holes in their code, that's why they find some.

You would be surprised by the number of security holes discovered if the OpenBSD developers were applying the same policy only one day on the FreeBSD code ...

Reply Parent Score: 2

RE: BSD's
by dylansmrjones on Fri 16th Mar 2007 22:58 in reply to "BSD's"
dylansmrjones Member since:
2005-10-02

Which is the same as the numbers I have for my Gentoo installation ;)

However - you forget one thing. The FreeBSD advisories only handle a minimum of packages compared with advisories from Apple, Microsoft and Red Hat. Red Hat and Ubuntu count in Firefox vulnerabilities. FreeBSD does not, despite the vulnerability being cross-platform and relevant for FreeBSD as well. It would be more correct to compare FreeBSD advisories with advisories for LFS and half of BLFS. It gives the same result btw. ;)

Reply Parent Score: 2