Aside from the odd choice of metrics (and the interpretations of them), the article/report doesn't touch on the more prevalent problem of default configurations not really being designed w/ security in mind.
Regards,
Miguel Delapaz
z/VM TCP/IP Development

Linux on 390 Port <[email protected]> wrote on 03/23/2007 10:12:54 AM:

> > -----Original Message-----
> > From: Linux on 390 Port On Behalf Of Mark Post
> >
> > >>> On Fri, Mar 23, 2007 at 11:57 AM, in message
> > <[EMAIL PROTECTED]
> > om>, "McKown, John" wrote:
> > > Laugh? Cry? Throw Up?
> > >
> > > http://www.internetnews.com/security/article.php/3667201
> >
> > It's a little hard to understand the decision criteria used,
> > as reported by the article. Microsoft had 12 high severity
> > problems (out of 39 reported fixed), Red Hat had 2 high
> > severity problems out of 208 reported fixed, and Mac OS X had
> > 1 high severity problem out of 43 reported fixed. Certainly
> > "days until fixed" is important, but the article doesn't say
> > how that was measured, so who knows if that's
> > accurate/reasonable or not?
>
> If you "patch" all the big holes in a screen door, don't you still have
> a screen door? Granted, it might keep the "Junebugs" out....
>
> -jc-
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
