> For the sake of discussion, here is an interesting article on
> Open source security.
>
> http://developer.earthweb.com/journal/techfocus/052600_security.html

Too bad he doesn't discuss the most important thing: the time lapse between the
moment the security problem is found and the moment a fix is released.
(Define these loosely: fixed means a patch appears on the Red Hat site, and found
means a notification/exploit in rootshell/cern/bugtraq...)
It's 7 days for Linux, 2 months for MS and 6 months for Sun, on average.
(Of course, in the past year only 2 security bugs were found on Sun; the number
of Linux/MS bugs is closer to 100.)

The point I'm making is: if there's a bug no one knows about, the system is
relatively secure. If the bug is well known and exploits are running
around... well, a Linux sysadmin can spend a week of kernel tinkering trying
to fix it; MS/Sun sysadmins can just pray and wait for the next service
pack.