Thursday, January 05, 2006

Show and tell

These things I never seem to get.

A recent post over at the slash of many dottings.

To sum up, the poster mentions that "... According to InformationWeek.com, Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows. Obviously, statistics are meaningless without the proper conjecture, speculation, and opinionation, ..."

Let's talk about disclosure-ation, shall we?
The reason UNIX/GNU/Linux, as well as all other open-source software, has more REPORTED security vulnerabilities is that THESE ARE EASIER TO LOCATE ONCE YOU HAVE ACCESS TO THE SOURCE CODE.
That doesn't mean open-source software has more security holes than proprietary software; on the contrary, since those are easier to locate (given enough eyes...) and, as a result, easier to fix. What I can't understand is why people confuse the sharing of knowledge with being secure. It may just be that Microsoft's products are very much less secure than GNU/Linux ones, but you'll never hear of them unless someone else finds that out and posts it. That's when the vulnerability becomes "reported".

I'm not saying that Microsoft's products are not secure, mind you. In fact, it may just be that those are few and far between, I don't know. Nobody does; Microsoft does not reveal the information. But what I do know is that a vulnerability that was reported, not by Microsoft, has yet to be officially addressed, causing security companies to advise businesses to use a third-party patch despite Microsoft's advice. And even when such an official patch is released, there's no guarantee it won't cause more damage, or fix the issue at all.

At any rate, information about GNU/Linux having more reported vulnerabilities only makes me a firmer believer in that system's security. At least GNU/Linux developers are not afraid to disclose such flaws and deal with them.
