Linked by Thom Holwerda on Fri 6th Jan 2006 22:56 UTC
Privacy, Security, Encryption Open source experts have hit back at a study published by the United States Computer Emergency Readiness Team that said more vulnerabilities were found in Linux/Unix than in Windows in 2005, labelling the report misleading and confusing. The report has attracted criticism from the open source community. Linux vendor Red Hat said the vulnerabilities had been miscategorised, and so could not be used to compare the relative security of Windows and Linux/Unix platforms.
Thread beginning with comment 82775
flypig Member since:
2005-07-13

I agree that there is always a danger that a list such as this one will be misinterpreted.

I'm just not sure how CERT could have done it differently. All they did was produce a factual list of vulnerabilities based on the information reported to them. It's just something that CERT does. They did the same thing last year, and maintain a running list as well:

http://www.us-cert.gov/cas/bulletins/index.html

Lists like this are important. It would be kind of absurd if they couldn't be produced just for fear of them being badly misinterpreted by commentators!

Reply Parent Score: 1

dylansmrjones Member since:
2005-10-02

Of course they should have a list. And release it.

But it doesn't help that they lump *BSDs with Linux. Several flaws are duplicates, which is the result of nothing but poor assembling of the list. They could have done better.

But no doubt CERT should keep releasing these lists, no matter how stupid journalists and bloggers tend to be.

Reply Parent Score: 1

flypig Member since:
2005-07-13

OK, fair enough, I'll go with that!

As you say, the categorisation could well have been more refined, and duplicates could have been handled differently.

Clearly the list is not really suitable for drawing any immediate statistical conclusions.

Reply Parent Score: 1