A Blog of Very Little Brain

'What does Crustimoney Proseedcake mean?' said Pooh. 'For I am a Bear of Very Little Brain, and long words Bother me.'

Show and tell


These things I never seem to get.

A recent post over at the slash of many dottings.

To sum up, the poster mentions that “… According to InformationWeek.com, Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows. Obviously, statistics are meaningless without the proper conjecture, speculation, and opinionation, …”

Let’s talk about disclosure-ation, shall we?
The reason UNIX/GNU/Linux, like all other open-source software, has more REPORTED security vulnerabilities is that THESE ARE EASIER TO LOCATE ONCE YOU HAVE ACCESS TO THE SOURCE CODE.
That doesn’t mean open-source software has more security holes than proprietary software; on the contrary, since those holes are easier to locate (given enough eyes…), they are easier to fix as a result. What I can’t understand is why people confuse the sharing of knowledge with being insecure. It may just be that Microsoft’s products are very much less secure than GNU/Linux ones, but you’ll never hear of their flaws unless someone else finds them out and posts them. That’s when a vulnerability becomes “reported”.

I’m not saying that Microsoft’s products are not secure, mind you. In fact, it may just be that their holes are few and far between; I don’t know. Nobody does, because Microsoft does not reveal the information. But what I do know is that a vulnerability that was reported, and not by Microsoft, has yet to be officially addressed, causing security companies to advise businesses to use a third-party patch against Microsoft’s advice. And even when such an official patch is released, there’s no guarantee it won’t cause more damage, or that it will fix the issue at all.

At any rate, the information that GNU/Linux has more reported vulnerabilities only makes me a firmer believer in that system’s security. At least GNU/Linux developers are not afraid to disclose such flaws and deal with them.

Written by Erez

Thursday, January 5, 2006 at 6:52

Posted in GNU/Linux, Technology
