On Tue, Apr 09, 2002 at 11:08:32PM -0700, Alan wrote:
> True. I wonder just how many security issues attributed to Linux as
> applications and not OS components as well. (With some parts, the
> distinction gets blurry. If it runs in userland, is it an application or a
> part of the OS?)
Most of the numbers you will see reported in the various "comparison of
windows against linux" reports will count every bug having anything to
do with linux that has a vendor advisory that crosses bugtraq.
In other words, when there is a single vulnerability in samba, it gets
counted for each of {debian, suse, mandrake, caldera, red hat}, and
perhaps the other distros as well.
Of course, code reuse is common in Windows as well... Should a
vulnerability in 95, 98, Me, NT4, 2K, and XP _really_ count as six
different bugs? :)
Of course, I'm scared to see the numbers once the the zlib problem is
factored in...
--
http://www.wirex.com/
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:57 PDT