OS vulnerabilities

[dplax]

Source: http://news.zdnet.com/2100-9595_22-265701.html

So erm...yeah...guess that's one less weapon in the arsenal of Windows-haters.

The operating systems with the most vulnerability disclosures in 2008:

[Variol (Farseer) Elmwood]

Sorry to be a dummy, but a lower % is better, right?

[dplax]

The table basically says that of all of the vulnerabilities discovered in 2008 X% affected the OS. So lower is indeed better.

[Bungleau]

I think Disraeli gets credit for saying that statistics are like a bikini... what they reveal is interesting, but what they conceal is intriguing.

I can't figure out exactly what those percentages mean. Are they percentages of the total number of vulnerabilities discovered? Are they of the number of vulnerabilities discovered and fixed? Not fixed?

They're just numbers. Here's my list:

• Apple - 173,503
• Linux - 340,044
• Microsoft - 42,034
• Stone tablets - 1,088,300,240

Wow... Microsoft's great! Or... is it that stone tablets are great? Depends if big is better than little.

Interesting as well that five different windows versions are broken out separately, but all the different Linux variations are lumped together.

Figures lie. Liars figure. No one gets a free pass at the bash yet.

[Variol (Farseer) Elmwood]

hey bung', you on drugs today?

[Bungleau]

Nope... no drugs here. Those percentages are meaningless, though, without context. And nowhere in that chart or the accompanying link is context provided. 14.3% of what?

My point with the stone tablets is that without context, you don't know what you're looking at. You can't tell whether it's good or bad. Because of the way MS is broken out, I suspect that the authors have an issue with MS. That's just my conjecture, though.

I also don't know how "vulnerabilities" is measured. If the same vulnerability is reported across five operating systems, does it count once or five times?

I'm an equal-opportunity basher... I go after *everyone*.

[dplax]

Quote:

Originally Posted by Bungleau I think Disraeli gets credit for saying that statistics are like a bikini... what they reveal is interesting, but what they conceal is intriguing. I can't figure out exactly what those percentages mean. Are they percentages of the total number of vulnerabilities discovered? Are they of the number of vulnerabilities discovered and fixed? Not fixed? They're just numbers. Here's my list: Apple - 173,503 Linux - 340,044 Microsoft - 42,034 Stone tablets - 1,088,300,240 Wow... Microsoft's great! Or... is it that stone tablets are great? Depends if big is better than little. Interesting as well that five different windows versions are broken out separately, but all the different Linux variations are lumped together. Figures lie. Liars figure. No one gets a free pass at the bash yet.

Stone tablets for the win!

Linux is lumped together, because all Linux distributions use a kernel.

But hey, let's compare http://secunia.com/advisories/product/2719/ with http://secunia.com/advisories/product/13223/

292 vulnerabilities for Linux, 82 for Vista (all time numbers). Of course there are vulnerabilities and vulnerabilities...(Windows XP has 221 http://secunia.com/advisories/product/22/).

So with the majority of hackers targeting Windows, they barely manage to find as many vulnerabilities as the few who target Linux...I'll draw my flawed conclusions from the numbers.

[dplax]

Quote:

Originally Posted by Bungleau Nope... no drugs here. Those percentages are meaningless, though, without context. And nowhere in that chart or the accompanying link is context provided. 14.3% of what? My point with the stone tablets is that without context, you don't know what you're looking at. You can't tell whether it's good or bad. Because of the way MS is broken out, I suspect that the authors have an issue with MS. That's just my conjecture, though. I also don't know how "vulnerabilities" is measured. If the same vulnerability is reported across five operating systems, does it count once or five times? I'm an equal-opportunity basher... I go after *everyone*.

It's the percentage of vulnerability disclosures. Article on zdnet links to http://news.cnet.com/8301-1009_3-101...orsPicksArea.0 which gives a bit more info on the percentages.

[dplax]

Oh and should you want the real source article:

http://www-935.ibm.com/services/us/i...ual-report.pdf (it is 106 pages though...)

[Variol (Farseer) Elmwood]

Quote:

Originally Posted by Bungleau Nope... no drugs here. Those percentages are meaningless, though, without context. And nowhere in that chart or the accompanying link is context provided. 14.3% of what? My point with the stone tablets is that without context, you don't know what you're looking at. You can't tell whether it's good or bad. Because of the way MS is broken out, I suspect that the authors have an issue with MS. That's just my conjecture, though. I also don't know how "vulnerabilities" is measured. If the same vulnerability is reported across five operating systems, does it count once or five times? I'm an equal-opportunity basher... I go after *everyone*.

..just messin' with ya'