Matthew Seaman wrote:
[ ... ]
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+2
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache+1


Errr -- did you look at the lists of entries those searches actually turn
up?  [ ...some analysis snipped... ]  I don't think that simply counting
CVE entries is going to tell you very much useful.

No, I didn't look closely at the results.


Without a lot more knowledge of the anonymous friend's security concerns (what their security policy is; whether local compromise vs remote matters, for instance; exploits related to specific modules they were running [simply considering the interactions of mod_ssl with OpenSSL vulnerabilities is a topic of considerable complexity]; etc), the # of CVE entries is as relevant as any other statistic.

I agree with you, in other words: not very...useful. :-)

However, someone who cared to make a meaningful comparision might start with the CVEs, plus checking the ChangeLogs, security-focus/bugtrak/etc mailing lists, and any other convenient data sources besides.

--
-Chuck

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to