Matthew Seaman wrote: [ ... ]
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+2 http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+1
Errr -- did you look at the lists of entries those searches actually turn up? [ ...some analysis snipped... ] I don't think that simply counting CVE entries is going to tell you very much useful.
No, I didn't look closely at the results.
Without a lot more knowledge of the anonymous friend's security concerns (what their security policy is; whether local compromise vs remote matters, for instance; exploits related to specific modules they were running [simply considering the interactions of mod_ssl with OpenSSL vulnerabilities is a topic of considerable complexity]; etc), the # of CVE entries is as relevant as any other statistic.
I agree with you, in other words: not very...useful. :-)
However, someone who cared to make a meaningful comparision might start with the CVEs, plus checking the ChangeLogs, security-focus/bugtrak/etc mailing lists, and any other convenient data sources besides.
-- -Chuck
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
