Shachar, Dorom -
Indeed an interesting story and totally meaningless - I expected more from a lecture at RSA. I had a high regard for the conference until now.
Vulnerabilities mean NOTHING without context of threats, agents, economic "value" of asset damage and cost of mitigation..
Lets propose a simple counter example. Assume a vulnerability in a X11 that enables an attacker to gain root access.
In W2003 server you cannot remove the Windowing subsystem whereas in Linux - unless your'e dumb and/or lazy - a Linux server doesnt even run X. The cost of mitigation in Linux is zero (just remove X11 or dont check it during installation) whereas the cost of mitigation in W2003 is well - your guess is as good as mine
I think the FOSS community should have zero-tolerance for trade-show bandstanding and tomfoolery.
Shabat shalom danny
Shachar Shemesh wrote:
Doron Shikmoni wrote:
Haven't read this yet, but I figured the title is interesting and provocative enough for this list...
http://www.vnunet.com/news/1161323
A Linux enthusiast at the RSA Conference in San Francisco has reluctantly concluded that Microsoft produces more secure code than its open source rivals.
I think the question remains - what did they test?
They did not test a live system, they counted vulnerabilities. The question is - which? Did they count the overall amount of vulnerabilities, or just those that had to do with the specific system they set up?
But, yes, I think this is an interesting one.
Shachar
-- Danny Lieberman Visit us at http://www.software.co.il Office + 972 8 970-1485 Cell + 972 54 447-1114
================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
