On Wed, Mar 09, 2005 at 12:25:06PM +0100, Javier Fernández-Sanguino Peña wrote:
> Maybe you've seen it already, but the guys at Ubuntu have done a
> light-weight analysis of the vulnerabilities they have released since
> "Warty" was released: https://www.ubuntulinux.org/wiki/USNAnalysis

A nice page.

> This analysis does not match the one on ICAT's database
> (http://icat.nist.gov/icat.cfm?function=statistics) but probably is related
> to the fact that a lot of tempfile races have been found and reported
> recently by the Security Audit team.

Yes.

> I would like somebody to do a similar analysis regarding Debian's
> vulnerabilities (Ubuntu vulns are probably a subset of those affecting
> woody). Has anyone enough spare time?

I'd be interested in helping out; it seems like it shouldn't take too long to break things down into the type of the vulnerability and local vs. remote.

A simple script I wrote did that for me already, although there are some fixups required as we seem to have a few different spellings for different things, e.g. sanitizing vs. sanitising.

You can see the simple output here along with input and output:

http://people.debian.org/~skx/2005/

I'd be interested in average advisories per week, as well as classification on the actual output. (Seems like buffer overflows are still the biggest reported thing for this year, although you've done a good job at showing temporary file issues.)

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
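As an added illustration of the breakdown Steve describes (vulnerability type, local vs. remote, average advisories per week, with spelling variants such as sanitizing/sanitising folded together), here is example Python that is not Steve's script or any Debian tool; the advisory summaries and dates are constructed, not real DSA text.

```python
import re
from collections import Counter
from datetime import date

# Constructed sample advisory summaries (date, one-line description); not real DSAs.
ADVISORIES = [
    (date(2005, 1, 3), "buffer overflow in foo allows remote attackers to execute code"),
    (date(2005, 1, 5), "insecure temporary file handling in bar allows local users to overwrite files"),
    (date(2005, 1, 12), "missing input sanitising in baz lets remote users inject SQL"),
    (date(2005, 1, 19), "missing input sanitizing in qux lets remote attackers run commands"),
    (date(2005, 1, 26), "tempfile race in quux allows local users to truncate arbitrary files"),
    (date(2005, 2, 2), "stack overflow in corge allows remote code execution"),
]

# Spelling and phrasing variants folded onto one canonical token before classifying.
SYNONYMS = {
    r"sanitization|sanitisation|sanitizing|sanitising": "sanitising",
    r"temporary file|tempfile|temp file": "tmpfile",
    r"buffer overflow|stack overflow|heap overflow": "overflow",
}

# Canonical token -> reported category; first match in this order wins.
CATEGORIES = {
    "overflow": "buffer overflow",
    "tmpfile": "temporary file",
    "sanitising": "missing input sanitising",
}

def normalise(text):
    """Lower-case the summary and collapse the known spelling variants."""
    text = text.lower()
    for pattern, canon in SYNONYMS.items():
        text = re.sub(pattern, canon, text)
    return text

def classify(text):
    """Return (category, vector) where vector is local, remote or unknown."""
    norm = normalise(text)
    category = next((label for tok, label in CATEGORIES.items() if tok in norm), "other")
    vector = ("local" if re.search(r"\blocal\b", norm)
              else "remote" if re.search(r"\bremote\b", norm) else "unknown")
    return category, vector

def summarise(advisories):
    """Count (category, vector) pairs and compute advisories per calendar week spanned."""
    counts = Counter(classify(text) for _, text in advisories)
    dates = sorted(d for d, _ in advisories)
    weeks = max(1, (dates[-1] - dates[0]).days // 7 + 1)
    return counts, len(advisories) / weeks
```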