Date:      Sun, 4 Jun 2000 23:42:20 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        Nicolas <list@rachinsky.de>
Cc:        Matt Heckaman <matt@ARPA.MAIL.NET>, FreeBSD-ADVOCACY <freebsd-advocacy@FreeBSD.ORG>
Subject:   Re: FreeBSD/Solaris
Message-ID:  <Pine.BSF.4.21.0006042334480.47848-100000@freefall.freebsd.org>
In-Reply-To: <02e301bfce62$9b4e73b0$7d0a36d5@gottt>

On Sun, 4 Jun 2000, Nicolas wrote:

> Aggregate stats for 3 years of Bugtraq are now available.
> 
> Ever wanted to know which operating systems and applications have the most
> reported security vulnerabilities? Are there more known vulnerabilities in
> Windows NT or Linux?
> 
> http://www.securityfocus.com/frames/?content=/vdb/stats.html
> 
> end of copy
> 
> I hope this is what you are looking for.

Actually these numbers are slightly misleading in this context: they
include with FreeBSD some port vulnerabilities as well (plus they're only
based on vulnerabilities collected from those reported to bugtraq, so
they're necessarily incomplete). But even so, Solaris is way "ahead" of
FreeBSD in the list.

Speaking as one of the FreeBSD security officers, we are pretty good at
reporting holes which are internally discovered (i.e. not disclosed in
public by someone else), but I can't say the same about Solaris - most of
their advisories seem to be in response to exploits published in bugtraq,
thereby "forcing their hand".

There's also the fact that Solaris are *still* having root exploit after
root exploit found because of failure to audit their vulnerable code.

I must admit I have a bit of a soft spot for Solaris, but it's certainly
not because of their attention to security.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


