On Mon, Jul 09, 2018 at 04:15:20PM +0200, Antony Stone wrote:
> On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote:
>
> > Actually the Linux kernel is the most scrutinized and secure piece of
> > software that's around.
>
> Interesting claim.
>
> Citation/s?
>
This is not a definitive citation, but looks like a concrete starting point for a rational discussion:

https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/

TL;DR: The article shows that only 2 Critical CVEs and 34 High CVEs were found in the Linux kernel between v2.6.12 and v4.9. This covers about 10 years of kernel development, during which the kernel has increased its size from about 8M LOC (2006) to about 22M LOC (2016). It's fair to stress that most of the increase is due to device drivers though, not to internal kernel components (which have increased in size, nevertheless).

It's true that the average time before a bug is discovered can be quite high (the average is about 5 years), but it's also true that the average time to get it fixed once discovered is on the order of days, if not hours.

My2Cents

KatolaZ

--
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]
[     "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[       @)  http://kalos.mine.nu --- Devuan GNU + Linux User  ]
[     @@)  http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F  ]
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
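The "about 5 years" figure quoted above comes from measuring, for each security fix, the gap between the commit that introduced the bug and the commit that fixed it. The script below is an added illustration of that measurement, not code from the thread or from the outflux.net article: it reads the `Fixes:` trailers that kernel fix commits carry, resolves the (abbreviated) introducing commit against a commit table, and reports per-bug lifetimes and their mean and median. All commit hashes, dates and subjects are constructed for the example, not real kernel history; a real run would feed it `git log` output and resolve hashes against the repository.

```python
"""Security-bug lifetime from 'Fixes:' trailers.

Added example, not code from the mailing-list thread or from the article it
cites. Lifetime = author date of the fixing commit minus author date of the
commit named in its 'Fixes:' trailer. Every commit below is constructed.
"""
import re
from datetime import date
from statistics import mean, median

# Constructed table of introducing commits: full hash -> author date.
INTRODUCING = {
    "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678": date(2011, 1, 1),
    "b2c3d4e5f60718293a4b5c6d7e8f90123456789a": date(2014, 6, 1),
    "c3d4e5f60718293a4b5c6d7e8f90123456789ab1": date(2013, 5, 1),
}

# Constructed fix commits in a git-log-like shape: (hash, author date, message).
# The third entry names a hash that is not in INTRODUCING (e.g. a commit the
# tool has not indexed) and the fourth has no 'Fixes:' trailer at all.
FIXES = [
    ("f000000000000000000000000000000000000001", date(2016, 1, 1),
     "net: bound the foo header length\n\n"
     "Fixes: a1b2c3d4e5f6 (\"net: add foo parser\")\n"
     "Cc: stable@vger.kernel.org\n"),
    ("f000000000000000000000000000000000000002", date(2015, 6, 1),
     "fs: check bar offset before use\n\n"
     "Fixes: b2c3d4e5f607 (\"fs: add bar ioctl\")\n"),
    ("f000000000000000000000000000000000000003", date(2016, 5, 1),
     "drivers: free baz on error path\n\n"
     "Fixes: c3d4e5f60718 (\"drivers: add baz\")\n"
     "Fixes: 0123456789ab (\"drivers: refactor baz teardown\")\n"),
    ("f000000000000000000000000000000000000004", date(2016, 7, 1),
     "docs: clarify baz usage\n\n"),
]

# A 'Fixes:' trailer is 'Fixes: <7..40 hex chars> ("subject")' at line start.
FIXES_TRAILER = re.compile(r"^Fixes:\s*([0-9a-fA-F]{7,40})\b", re.MULTILINE)


def fixes_hashes(message):
    """Return the commit-id prefixes named by a message's 'Fixes:' trailers."""
    return [h.lower() for h in FIXES_TRAILER.findall(message)]


def resolve(prefix, table):
    """Expand an abbreviated hash; None if it is unknown or ambiguous."""
    matches = [h for h in table if h.startswith(prefix)]
    return matches[0] if len(matches) == 1 else None


def bug_lifetimes(fixes, introducing):
    """Yield (fix_hash, introducing_hash, lifetime_days) for each resolvable
    'Fixes:' reference; unresolvable references are skipped, not guessed."""
    out = []
    for fix_hash, fix_date, message in fixes:
        for prefix in fixes_hashes(message):
            intro = resolve(prefix, introducing)
            if intro is None:
                continue
            out.append((fix_hash, intro, (fix_date - introducing[intro]).days))
    return out


def summarize(lifetimes):
    """Count, mean, median and maximum lifetime in days."""
    days = [d for _, _, d in lifetimes]
    if not days:
        return {"count": 0, "mean_days": None, "median_days": None, "max_days": None}
    return {"count": len(days), "mean_days": mean(days),
            "median_days": median(days), "max_days": max(days)}


if __name__ == "__main__":
    lifetimes = bug_lifetimes(FIXES, INTRODUCING)
    for fix_hash, intro, days in lifetimes:
        print(f"{fix_hash[:12]} fixes {intro[:12]}: {days} days ({days / 365.25:.1f} years)")
    print(summarize(lifetimes))
```

Two caveats matter in practice. First, a `Fixes:` trailer only exists when the fix author identified the introducing commit, so this measures the lifetime of bugs with a known origin, which biases the sample; the article's author supplemented trailers with manual bisecting. Second, the lifetime here is "introduced to fixed", which is the number quoted as roughly five years; the separate "reported to fixed" interval the post above calls days or hours needs the report date, which git history does not carry.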