Date: Mon, 15 May 2000 15:20:53 -0400
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: freebsd-chat@freebsd.org
Subject: BUGTRAQ Vulnerabilities Stats
Message-ID: <20000515152053.A54495@cc942873-a.ewndsr1.nj.home.com>

I was just having a look at the statistics compiled at,

  http://www.securityfocus.com/vdb/stats.html

of the BUGTRAQ vulnerabilities for the past three years. For those interested, FreeBSD is one of those included on the list.

For all of the OSs, you need to consider how much they are deployed (someone, whitehat, blackhat, or a designer's own engineers, needs to find the hole first) and what roles they fill (how many webservers are running under MacOS?) before taking sheer number of reports as an indication of the software's quality.

There are no big shocks to me. WinNT easily tops the list with "Linux" pulling up not too far behind. "Linux" is not surprising since it is an aggregation of various distributions. Debian and RedHat are singled out and have much lower numbers when looked at individually.

FreeBSD has the most of the *BSD listed (Free, Net, and Open) with 1999 having quite a spike (but almost all OSes have a spike in '99). The big 2.2 to 3 jump is probably a big part of that. That FreeBSD has more than OpenBSD is no surprise given that OpenBSD's primary goal is security. That it has more than NetBSD may be accounted for by FreeBSD being more widely deployed with more aggressive development? Or is NetBSD more security conscious? I don't have enough feel for what's up with NetBSD to say.

Anyway, I just found the info at SecurityFocus interesting and wondered if anyone out there had any brilliant insights into the stats... Or any brilliant reasons why the numbers are meaningless. Better yet, anyone have more thorough cites for security comparisons among a broad range of OSes (not the old NT versus "UNIX" ones please).

-- 
Crist J. Clark
cjclark@home.com