Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430184
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Zealot - patch times.. not bug counts
by jabbotts on Tue 15th Jun 2010 20:29 UTC in reply to "RE[2]: Zealot"
jabbotts
Member since:
2007-09-06

Bug counts are useless outside of superficial mass media and fanboy debate. All software is broken. Look at patch times instead. Once discovered, now long did it take Debian maintainers to deliver the update? How open where they during the process? How affective was the patch once delivered. How do these responses and turn around times compared to other major distributions and platforms?

Personally, my issue with Apple is not that bugs are discovered but how they address them. If they drop the "impervious to anything" marketing spin and demonstrated transparency from bug report through to patch availability; no problem. Apple's "we have no bug in TCP/IP and NIC drivers" is a good example. Microsoft actually falls between the two in terms of public disclosure but they have also had cases of leaving vulnerabilities unpatched for years until embarrassed enough to address it. I haven't seen Debian try to hush up a vulnerability; they are usually to busy delivering a patch response.

Reply Parent Score: 2