* Matthias Kilian <[EMAIL PROTECTED]> [2006-01-23 15:58]:
> On Mon, Jan 23, 2006 at 05:08:00PM -0500, Dave Feustel wrote:
> > Secunia gives OpenBSD a pretty nice security rating at
> > http://secunia.com/product/100/
> 
> Those statistics say nothing at first glance. For example, I could
> argue that PHP 4.3.x is more secure than OpenBSD because there were
> 
....

> 
> And what's really missing at secunia.com is some data about response
> time wrt. severity.
....

        Well, the other thing is that their "severity" is often a bit
misguided too, for example on the OpenBSD page they list the sendmail
problem from 2003 as pretty severe, but it's the same as they listed
it for every other operating system...

        Here's the catch though - I remember this one - ProPolice caught it
on OpenBSD, so it actually WAS NOT EXPLOITABLE.

        So, given that it wasn't exploitable on OpenBSD, but was
on everything else that has it, why does it have the same "severity"
rating? Make sense to you?

        These sorts of "glob it together and rank it" sites are
just collections of random knowledge. Nothing more.

        -Bob
