[LINK] By the numbers: Windows vs Linux security
Craig Sanders
cas@taz.net.au
Wed, 3 Oct 2001 16:22:42 +1000
On Tue, Oct 02, 2001 at 11:17:26PM +1000, Damien Miller wrote:
> On Tue, 2 Oct 2001, Craig Sanders wrote:
> > the one really noticeable difference between unix security and
> > windows security is that unix programmers have proved that they
> > learn from their mistakes and actually fix problems when they are
> > discovered, while windows programmers merely apply a bandaid patch
> > which fixes the immediate symptom but leaves the underlying problem
> > waiting for the next exploit.
>
> I wish this was really the case.
it was an exaggeration, but not that far off the mark.
> There are just as many stupid Unix developers as there are windows
> developers.
i disagree. there's not as many in raw numbers or as a proportion of
total developers.
> Unfortunately the response of the Open Source community is, as the
> above examples illustrate, all too often to apply a quick fix and not
> continue the process to the rest of the code base.
that's not the case from what i've seen on various security & linux
auditing mailing lists - when a particular type of hole is found, it
is normal practice to search for similar real or potential exploits in
other code.
craig
--
craig sanders <cas@taz.net.au>
Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch