
Re: [LUG] Worth a read!


christopher.berry1@xxxxxxxxxxxxxx wrote:
>
> Microsoft doesn't! Surely not!!!
> Have a read!
> http://news.softpedia.com/news/Microsoft-Is-Way-too-Lazy-to-Fix-Its-Bugs-63481.shtml

Interesting.

Some people took the data from the same blog and reported it as
"Microsoft has fewer bugs to fix" ;)

All the data includes is "number of bugs fixed"; it doesn't include the
number of bugs to be fixed, so all it tells you is that Microsoft fixed
fewer security bugs in Windows than Red Hat fixed in RHEL5 (and similar
data for others).

You can't draw any meaningful conclusions about security from this data.

Anyone claiming more than this didn't understand the data, or is
including data from a third-party source to reach those conclusions.

Counting bugs, or their fixes, is of limited value for assessing security.

Krebs' "days with publicly known unpatched exploits" is perhaps more
useful from a practical perspective, but still doesn't account for the whole
picture.

Surely the death of bug counts came in 2006, when Microsoft IE6 had fewer
critical-rated bugs than Firefox according to the IBM survey, yet IE6
had publicly known exploits for about 2/3rds of the time, whilst
Firefox had such a weakness for only 9 days.

Can we stop the Microsoft bashing? The number of security flaws in
Firefox was pretty hideous, and anyone serious about security and
wanting to run a web browser isn't faced with a pleasant choice.


-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html