[LINK] OSS means slower patches

rchirgwin at ozemail.com.au rchirgwin at ozemail.com.au
Wed Sep 21 05:55:26 EST 2005


Howard Lowndes wrote:

> An interesting report, with an Australian twist.  Strange that there 
> is no reference to it on either symantec.com.au or symantec.com

The report isn't on Symantec.com, just the press release. Symantec 
conducted the report itself.

http://www.symantec.com/press/2005/n050919a.html

...comprehensively spun and added to for the local press.

RC

>
> If we knew where to find it we might be able to see how they derive 
> their statements, and perhaps who funded it; my personal experience 
> with Firefox does not support their claim, in fact, quite the contrary.
>
>
> "Symantec had not published previously statistics on the average time 
> required to produce patches, but Mr Sykes said data showed the lag had 
> previously been about 30 days."
>
> ...so how do they know that the lag has increased if they haven't 
> published figures?
>
>
> "An average of 10 new vulnerabilities per day were discovered during 
> the first half of 2005, Mr Sykes said. In practice, large companies 
> with around 10,000 employees were now looking at 50 days between 
> vulnerability and the installation of patches across systems, he said."
>
> ...an unsubtle implication by association that these all relate to FOSS.
>
> "Mr Sykes said the increasing popularity of open source software, such 
> as the Mozilla Foundation's Firefox browser, could be part of the 
> reason for the increase in the gap between vulnerability and patch, 
> with the open source development model itself part of the problem. "It 
> is relying on the goodwill and best efforts of many people, and that 
> doesn't have the same commercial imperative," he said. "I'm sure that 
> is part of what is causing the blow-out in the patch window.""
>
> ...that sounds very much like M$ inspired FUD.
>
> "The Mozilla family of browsers had the highest number of 
> vulnerabilities during the first six months of 2005, with 25," the 
> Symantec report says. "Eighteen of these, or 72 per cent, were rated 
> as high severity. Microsoft Internet Explorer had 13 vendor confirmed 
> vulnerabilities, of which eight, or 62 per cent, were considered high 
> severity."
>
> ...how about they get the facts from the Firefox site 
> http://www.mozilla.org/security/#Security_Alerts
>
> "People don't attack browsers and systems per se, they attack the 
> people that use them," he said. "As soon as large banks started using 
> Linux, Linux vulnerabilities started to get exploited."
>
> ...it's strange that this has not appeared on the radar on any of the 
> Linux specialist sites.
>
>> http://australianit.news.com.au/articles/0,7204,16650762%5E15306%5E%5Enbv%5E,00.html 
>>
>

