[oclug]Pimpin' Linux

Brad Barnett bb at L8R.net
Wed Jan 22 13:01:42 EST 2003


On 22 Jan 2003 12:48:57 -0500
Dave Edwards <dle1 at sympatico.ca> wrote:

> On Wed, 2003-01-22 at 12:53, Trevor Curtis wrote:
> > I came across an interesting article that looks at Open Source/Free
> > Software, and its implications with the law:
> > 
> > http://www.floridabiz.com/news.html?news_id=25191&hl=rothman
> > 
> > Interesting read, but one paragraph that I took exception to was:
> > 
> > "Another misconception of open-source software is that it is better or
> > safer than proprietary software. In fact, there were more security
> > vulnerabilities discovered last year in Linux than there were in
> > Windows."
> 
> That might actually be true, with a spin.  "Discovered" -- easier to do
> with (F|FL| |^)OSS.  Assuming that's the case, they should have written,
> "discovered and fixed."
> 


It's not true, at all.  Naturally, if you take the 20 different distros
out there and count each security report as a vulnerability, then yes,
there were more.  I believe the people that initially wrote the article
(from which this and all others derive) did just this.

Also, aside from this, there is definitely a flaw here.  Look at the
software available for Windows.  Now look at the software available for
Linux.

Now ask yourself.  How many updates and bug fixes were released for
Windows software that was reported on BugTraq, and how many for Linux.  I
suppose Dave's statement is true if applied this way, but not because of
the nature of the software, but the nature of those that report bugs to
open forums.

Many pieces of software that run under Windows never openly report their
bugs.  Heck, in many cases, they don't even RESPOND to bug reports.  At
all.  However, Open Source software is the reverse.

While the authors of many Windows programs keep security vulnerability
issues secret, most Open Source programs do not.

So, were there more Open Source Software vulnerabilities discovered last
year than non?  Heck no!  Were more reported?  Possibly, although even
this is doubtful.
