From owner-freebsd-chat Mon May 15 14:52:50 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 34E9A37B8A2; Mon, 15 May 2000 14:52:49 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA95742;
	Mon, 15 May 2000 14:52:48 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 15 May 2000 14:52:48 -0700 (PDT)
From: Kris Kennaway
To: cjclark@home.com
Cc: freebsd-chat@freebsd.org
Subject: Re: BUGTRAQ Vulnerabilities Stats
In-Reply-To: <20000515152053.A54495@cc942873-a.ewndsr1.nj.home.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 15 May 2000, Crist J. Clark wrote:

> FreeBSD has the most of the *BSD listed (Free, Net, and Open) with
> 1999 having quite a spike (but almost all OSes have a spike in
> '99). The big 2.2 to 3 jump is probably a big part of that.

I also think they're counting ports among the FreeBSD vulnerabilities,
which gives us an unfair disadvantage because often in fact the
vulnerability is not anything freebsd-specific, it was just first
publicized as being "vulnerable on FreeBSD".

For example, OpenBSD has had more than 2 vulnerabilities so far this
year - they've shared several of the vulnerable ports, and have also
fixed several security issues which never were widely publicized as
affecting OpenBSD. Perhaps it's due to lack of manpower, but OpenBSD
don't seem to make it widely known when they fix a security hole.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message