Date: Thu, 25 Jul 1996 23:57:56 -0700 (PDT) From: obrien@cs.ucdavis.edu To: FreeBSD-chat@FreeBSD.org (FreeBSD misc chating list) Subject: Cert's mis-opinions Message-ID: <199607260657.XAA15249@kongur>
next in thread | raw e-mail | index | archive | help
This is from CERT's choose_operating_sys (info.cert.org:/pub/tech_tips): Freely-Available vs. Commercial Software [..snip..] If you select freely available OS versions and don't have the resources to maintain software in-house, it's important to know that you could be placing your site at a high risk of compromise. This risk can exist because your site will not be receiving security patches on a regular basis from a vendor (or third party). In cases where intruders are exploiting a vulnerability, operating system vendors may have analyzed the vulnerability and released security patches for their operating systems. On the other hand, sites with freely available OS versions but without the expertise to develop and install patches may remain at risk from the vulnerability. Yea, right! Linux maybe -- FBSD, no! I've seen more security patches from FreeBSD, Inc. than I ever have from Sun. I'd say FreeBSD rivals *every* commerical vendor out there. And since FBSD has one distribution site, you know exactly where to come to for advisories and patches. Jordan, maybe you could refute this bogus advice from CERT? -- David (obrien@cs.ucdavis.edu)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607260657.XAA15249>