Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption "Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Thread beginning with comment 221989
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Sorry...
by Doc Pain on Fri 16th Mar 2007 18:43 UTC in reply to "RE: Sorry..."
Doc Pain
Member since:
2006-10-08

"I agree but it prooves one thing, it's that Linux has serious security holes despite what are saying linux zealots."

That's a thing I would not disagree, but:

(1) The author compares "fixed vulnerabilites". If a vulnerability is fixed, it does not exist anymore. So he's counting things that do not exist. (So your statement should be in past tense: "Linux had serious security holes".

(2) Fixing vulnerabilities show how good / fast programmers work. Assuming this, the manufacturers of "Vista" hardly do anything, they don't care anyway. :-)

(3) As it has mentioned before, software included with the OSes (or installed upon them) are interesting, too.

(4) The source contains the vulnerabilites published by the manufacturers itself.

(5) The source contains only the vulnerabilites known, not the vulnerabilities existing in fact. :-)

My judgement: The article is interesting, but says nothing.

And, as you might know from reality, the biggest vulnerability resides between keyboard and chair. :-)

Reply Parent Score: 4

RE[3]: Sorry...
by sbergman27 on Fri 16th Mar 2007 20:18 in reply to "RE[2]: Sorry..."
sbergman27 Member since:
2005-07-24

"""
And, as you might know from reality, the biggest vulnerability resides between keyboard and chair.
"""

The engineer in me makes me want to say that we should eliminate that component, then. ;-)

Reply Parent Score: 3

RE[4]: Sorry...
by Doc Pain on Fri 16th Mar 2007 20:33 in reply to "RE[3]: Sorry..."
Doc Pain Member since:
2006-10-08

""""
And, as you might know from reality, the biggest vulnerability resides between keyboard and chair.
"""

The engineer in me makes me want to say that we should eliminate that component, then. ;-)"


Well, the engineer in me suggests, we'd actually have to replace that component with one that works better because it's better educated and has a higher ability of moral judging, but the psychologist in me want's to give the engineer some sedativa. :-)

I'd like to repeat a thing that someones seem to have forgotten: The article counts the vulnerabilities detected and corrected, so it tells nothing about how secure a system is. The statistics are saying nothing.

Reply Parent Score: 4

RE[4]: Sorry...
by stestagg on Sat 17th Mar 2007 18:11 in reply to "RE[3]: Sorry..."
stestagg Member since:
2006-06-03

I know you were joking, but this links in to a related issue:
Only security freaks, and network managers with inferiority complexes eliminate anything that is a vulnerability. Yes, now that windows has been largely fixed, the user is currently the weakest link in the security chain. But he is also a necessary part of the chain. Too often, the line between security and usability is drawn far too close to security. Features are removed or disabled in software because of 'security issues' when the usability/productivity benefits of leaving said features in far outweigh the security drawbacks.

Reply Parent Score: 2

RE[3]: Sorry...
by Duffman on Fri 16th Mar 2007 22:05 in reply to "RE[2]: Sorry..."
Duffman Member since:
2005-11-23

If a vulnerability is fixed, it does not exist anymore.
Yes, I agree, but if there is some fixes, it means there was some vulnerabilities before so it's quite the same.

And, as you might know from reality, the biggest vulnerability resides between keyboard and chair. :-)
Agreed.

Reply Parent Score: 1