| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8764zaqzak.fsf@deneb.enyo.de> Date: Tue Mar 29 15:53:23 2005 From: fw at deneb.enyo.de (Florian Weimer) Subject: windows linux final study * security curmudgeon: >>From the report: > > Additionally, when examining the days of risk time between when a > vulnerability is publicly disclosed to when a patch is released by the > vendor for that vulnerability we found an average of 31.3 days of risk > per vulnerability for the Windows solution, 69.6 days of risk per > vulnerability for the minimal Linux solution and 71.4 days of risk for > the default Linux solution. > > This is from page 2 of the study. Can we agree that if you find a serious > flaw/error in the paper by page 2 (out of 37) that one might have reason > to be skeptical? > > Does anyone in the security industry *really* think Windows ever has a > 31.3 day of risk for vulnerabilities? I would have expected that it's lower than that. After all, it's defined as the number of days between public disclosure and patch release, and I assume it's rather unlikely that vulnerabilities are discussed publicly before the patch release (except for browser-related vulnerabilities).
Powered by blists - more mailing lists