Date:      Thu, 25 Jul 1996 23:57:56 -0700 (PDT)
From:      obrien@cs.ucdavis.edu
To:        FreeBSD-chat@FreeBSD.org (FreeBSD misc chating list)
Subject:   Cert's mis-opinions
Message-ID:  <199607260657.XAA15249@kongur>

This is from CERT's choose_operating_sys (info.cert.org:/pub/tech_tips):


    Freely-Available vs. Commercial Software

    [..snip..]

    If you select freely available OS versions and don't have the
    resources to maintain software in-house, it's important to know that
    you could be placing your site at a high risk of compromise. This
    risk can exist because your site will not be receiving security
    patches on a regular basis from a vendor (or third party). In cases
    where intruders are exploiting a vulnerability, operating system
    vendors may have analyzed the vulnerability and released security
    patches for their operating systems. On the other hand, sites with
    freely available OS versions but without the expertise to develop and
    install patches may remain at risk from the vulnerability.

Yea, right!  Linux maybe -- FBSD, no!  I've seen more security patches
from FreeBSD, Inc. than I ever have from Sun.  I'd say FreeBSD rivals
*every* commercial vendor out there.  And since FBSD has one distribution
site, you know exactly where to come to for advisories and patches.

Jordan, maybe you could refute this bogus advice from CERT?

-- David    (obrien@cs.ucdavis.edu)


