[dundee] Taylug Weekly Articles 8 - POMS
Gary Short
gary at garyshort.org
Sat Feb 2 17:25:37 GMT 2008
gordon dunlop wrote:
> The Coverity study has inspected the Linux kernel, applications etc
> and their statistics have been acknowledged in their accuracy. So
> Linux has been thoroughly tested openly and the data has been published.
> The only unknown quantities are with Windows systems because they are
> closed and Microsoft will not let anyone do analysis therefore it is
> only guesswork and conjecture on the number of bugs per lines of code
> within their systems. So Microsoft cannot claim it is more secure as
> it is not open for scrutiny and therefore cannot prove it. At least
> open source can say to the users of their software here is the data on
> how buggy our systems are,
All true, but fairly meaningless when you talk about software in
security terms. If one system has 100 bugs, but none of them are
exploitable in such a way that the security of the system can be
overcome, and another system has just 1 bug, but that bug allows an
exploit which does overcome the security, then I'd have to say the
system with 100 bugs is more secure than the one with 1 bug. No? So, as
I say, until there is an internationally agreed measure for security then
each side can pick the measure that shows them in the best light (in
this case bugs per 1k of code) and trumpet to the world that theirs is
the most secure system; whilst another system will choose another
measure that shows them in the best light and do exactly the same thing,
and both sides (and their followers) will talk themselves in circles
without really proving anything.
> users are being presented with facts and
> not propaganda.
Propaganda comes in many shapes and sizes.
--
Cheers,
Gary
http://www.garyshort.org