Linked by Thom Holwerda on Fri 6th Jan 2006 22:56 UTC
Privacy, Security, Encryption
Open source experts have hit back at a study published by the United States Computer Emergency Readiness Team that said more vulnerabilities were found in Linux/Unix than in Windows in 2005, labelling the report misleading and confusing. The report has attracted criticism from the open source community. Linux vendor Red Hat said the vulnerabilities had been miscategorised, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.
dylansmrjones Member since:
2005-10-02

Actually not.

Take a look at Secunia's website.
Windows loses big time.

Windows 2003 Server is shipped with IIS6 and many other services, and of course the big security risk known as 'Internet Explorer'.

The major problem with CERT's list is the fact that flaws are counted several times. E.g. they are duplicates. This is true for Windows as well as for *nixes and other OSes.

So the list is unusable for comparison for any platform in the list.

Reply Parent Score: 2

smashIt Member since:
2005-07-06

Take a look at Secunia's website.
Windows loses big time.


please tell me where i have to look.
when i compare win 2k3 Enterprise-edition with RHEL 4 windows "wins" with 75:138 over the period of 2003-2006

if you only look at 2005-2006 (RHEL 4 was released in march 05, so it still has an advantage of 3 months) windows "wins" 36:138

Reply Parent Score: 1

dylansmrjones Member since:
2005-10-02

DOH!

You're still counting them.

I've already stated that the amount of flaws is virtually irrelevant. What DOES matter is the security threat posed by these flaws.

So we need a weighted result of these flaws on both platforms, before the numbers will make any sense.

Windows 2003 Server has many more highly critical flaws than RHEL does. If we can agree on a formula then I'm willing to do some math. But using the number of flaws alone is pure ignorance.

Reply Parent Score: 1