lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dan at ssc.com (Dan Wilder)
Subject: [inbox] Re: RE: Linux (in)security

On Thu, Oct 23, 2003 at 05:15:07PM -0500, Paul Schmehl wrote:

> Your arguments are nothing short of silly.
> 
> In 2003 there have been 43 security advisories for SUSE Linux according to 
> SUSE's website:
> http://www.suse.com/de/security/announcements/index.html
> 
> RedHat has had 53 during the same time period:
> https://rhn.redhat.com/errata/rh9-errata-security.html
> 
> Debian has had 176 during the same time period:
> http://www.debian.org/security/2003/
> 
> During the same time period, Microsoft has had 47.  And those 47 include 
> things like Exchange Server and SQL Server, not *just* the Windows OS. 

<Chiming in on this thread against my better judgement>

Among those advisories you mention on the Linux sites, I see subjects
including tomcat4, openssl, freesweep, marbles, gopher, sendmail, 
mah-jong, wu-ftpd, exim, perl, phpgroupware, mutt, qpopper, squirrelmail.
And many more that are similar in that they've no relationship with
the OS save being shipped with it.  Hardly *just* the Linux OS.  Some
of those packages mentioned on the Debian site were begun long before 
there _was_ such a thing as Linux.

Even if you classify things like XFRee86 and Samba as being part of the
OS for purposes of comparing with Windows, which features much tighter
coupling between the OS and some of its services than do the UNIX-like
OSs, I believe you're going to be hard-pressed to come up with 47 
advisories against the OS.  Or anything remotely near that number.

Let's compare apples to apples, so to speak, if we're going to
invest the effort in the first place, into making silly comparisons.

-- 
-----------------------------------------------------------------
 Dan Wilder <dan@....com>   Technical Manager
 SSC, Inc. P.O. Box 55549   Phone:  206-782-8808
 Seattle, WA  98155-0549    ICQ UIN 216717075
 Publishers of Linux Journal
-----------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ