Re: Analysis of Microsoft Critical Patches

From: Cameron L. Spitzer <cls_at_truffula_dot_sj_dot_ca_dot_us>
Date: Wed Jan 11 2006 - 12:19:31 CST

I don't believe an apples-to-apples comparison is possible.
(Windoze isn't an Apple, it's a lemon. Sorry, couldn't resist.)

I subscribe to two Linux security bulletins: _Linux Today_
(daily, usually nothing important) and debian-security.
Over the years, the most obvious thing has been that the
great majority of security bugs disclosed are discovered
in code audits, and the fixes are released without any
known "in the wild" exploits. It's one of the things
the FOSS advocates justifiably brag about.

That might be happening with Windoze and its apps as well.
But if it is, it's happening among the few corporations
and universities with Windoze source licenses, without
any public disclosure, and nobody ever leaks.
I don't believe it's happening, because MSFT generally
seems to be reacting only to public disclosures of its
security bugs. But that's a gut reaction, and we don't
have the data to back it up. We don't have the information
for an apples-to-apples comparison. Those who do
are under NDA.


OVC-discuss mailing list
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Mon Jan 8 20:24:36 2007