Matthew Seaman wrote:
[ ... ]

Errr -- did you look at the lists of entries those searches actually turn
up?  [ ...some analysis snipped... ]  I don't think that simply counting
CVE entries is going to tell you very much useful.

No, I didn't look closely at the results.

Without a lot more knowledge of the anonymous friend's security concerns (what their security policy is; whether local compromise vs remote matters, for instance; exploits related to specific modules they were running [simply considering the interactions of mod_ssl with OpenSSL vulnerabilities is a topic of considerable complexity]; etc), the # of CVE entries is as relevant as any other statistic.

I agree with you, in other words: not very...useful. :-)

However, someone who cared to make a meaningful comparision might start with the CVEs, plus checking the ChangeLogs, security-focus/bugtrak/etc mailing lists, and any other convenient data sources besides.


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to