Message-ID: <c06539870607101019g68f97fbma16b2239087aed0e@mail.gmail.com>
Date: Mon, 10 Jul 2006 10:19:11 -0700
From: "Jarrod Frates" <jfrates.ml@...il.com>
To: "Darren Reed" <avalon@...igula.anu.edu.au>
Cc: bugtraq@...urityfocus.com
Subject: Re: LAMP vs Microsoft


The debates that go back and forth on this relate to the inherent
difference between LAMP and a Microsoft platform.  When you install
LAMP (using CentOS or Debian for a baseline installation, for
example), what applications are you including that are not in the
Windows environment?  What applications are included in Windows that
are not in the LAMP environment?

Perhaps a more specifically-defined question would be more useful.
Are you probing for the entire platform, or just the web-visible
architecture?  If it's just a comparison of Apache/MySQL/PHP on a
Linux kernel compared to just IIS/MSDE/ASP on a Windows kernel, that
may make more sense than an overall comparison.  Further specifying
whether only kernel exploits that are remotely-accessible should be
included or if all kernel exploits should be counted would also be of
use.

I don't have the numbers for a comparison of this type, but they would
probably be of some interest if someone wanted to put them together.
Might not be terribly difficult, either.


Jarrod

On 7/9/06, Darren Reed <avalon@...igula.anu.edu.au> wrote:
>
> Does anyone have statistics on the cumulative vulnerabilities
> in LAMP vs the equivalent for Microsoft?  (I'm also interested
> in whether there are better, as in more secure, environments than
> LAMP.)
>
> If the number of vulnerabilities is graphed over time, is either
> heading down or both heading up or...?
>
> - I'm not asking for a "who's better", I just want to know if
> anyone has a good set of numbers and if they're graphed for easy
> comparison.
>
> Thanks,
> Darren
>
> p.s. LAMP = Linux/Apache/MySQL/PHP
>

