All,

I just finished a rather extensive review of all the advisories from CERT for this year. (http://www.cert.org/advisories/). The totals I came up with are a little different. Unix came up with 8, Microsoft with 4, and Linux, the poster child, a whopping 3. I looked through each advisory, read which systems were affected, and checked where the issue came from. The ones I found where Linux had an issue due to its own code are:

26 - Buffer Overflow in CDE ToolTalk
25 - Integer Overflow In XDR Library
07 - Double Free bug in zlib Compression Library

Now the argument can be raised that the issues of BIND, DHCP, SSL and Kerberos should be counted against Open Source, but then can we include the AOL (02), the Macromedia JRun (13), and Yahoo Messenger (15) problems against Microsoft? Those applications do run under Microsoft windows.

I would like to see the breakdown used by the Aberdeen Group to point out how insecure Linux really is. If anyone wants a copy of my document, contact me at sfr_999@hotmail.com

Steve Robinson

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/127/17310#17310