| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0607161229200.16159@gandalf.hugo.vanderkooij.org> Date: Sun, 16 Jul 2006 12:33:58 +0200 (CEST) From: Hugo van der Kooij <hvdkooij@...derkooij.org> To: bugtraq@...urityfocus.com Subject: Re: LAMP vs Microsoft On Tue, 11 Jul 2006, Bob Beck wrote: > > > And I think vulnerabilities disclosed are a much better indicator > > of the changes to QA/development of products than any hyperbole > > from those responsible (be it management or developers.) > > No, I think vulnerabilities disclosed is simply a measure of how much > development and deployment is happening on the platform. period. I think that is rather inaccurate. I know companies like ISS claim on internal presentations that they do a lot of code auditing for companies like Microsoft. These audits are never publicly available and may contain significant numbers you can not see with closed-source products. The same procedure simply is not availble to open-source products which are developed in a completely different way. So I think that unless one can get these indoor figures out on the street there is no way you can compare figures. Hugo. -- I hate duplicates. Just reply to the relevant mailinglist. hvdkooij@...derkooij.org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of magicians, for they are subtle and quick to anger.
Powered by blists - more mailing lists