Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption

"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
RE[2]: Sorry...
by butters on Fri 16th Mar 2007 21:56 UTC in reply to "RE: Sorry..."

All general-purpose server operating systems have vulnerabilities. OpenBSD proves that even if you obsess about security and only run the TCP/IP stack by default, eventually people will find holes in the TCP/IP stack. It's inevitable. If you consider vulnerabilities in all of the server packages distributed by the OpenBSD project, the number goes way up. And this is the most paranoid general-purpose server system that a security-minded sysadmin could choose.

This leads to the next point, which is that Windows Server doesn't come with that many actual servers, whereas most other server platform vendors distribute just about any server software you could want. This figures into any tally of vulnerabilities. Also, as somebody else mentioned, open source systems tend to have more reported vulnerabilities because everything is a white-box attack. Subjecting the code to widespread white-box analysis makes it much higher quality in the long run, but it also raises the bar for quality because white-box attacks are far easier to craft. In other words, security through obscurity is far from optimal, but it does make the system significantly harder to exploit, and open source systems can't really take advantage of this.

Score: 3