Re: NVD report on vulnerabilities

To: "adRnia ." <adrian.mymailspace@gmail.com>
Cc: debian-project@lists.debian.org
Subject: Re: NVD report on vulnerabilities
From: Paul Wise <pabs@debian.org>
Date: Sat, 14 Mar 2015 21:52:17 +0800
Message-id: <[🔎] CAKTje6ESkx+Ly_PKDu1LYvDguHmxYV8gb+f2rEFRaquaj4L-JQ@mail.gmail.com>
In-reply-to: <[🔎] CAMSfjD1FKs6Cy_FGY10T5nYEfT6=TF5+AHH5oyzEpTV8fSN+8g@mail.gmail.com>
References: <[🔎] CAMSfjD1FKs6Cy_FGY10T5nYEfT6=TF5+AHH5oyzEpTV8fSN+8g@mail.gmail.com>

On Sat, Mar 14, 2015 at 9:13 PM, adRnia . wrote:

> 1. A understanding of the GFI report on vulnerabilities in Linux. Other than
> Heartbleed and Shellshock vulnerability, how can we assess the vulnerability
> of Debian Linux OS and applications? On a generic level.

I've no idea what a GFI report is but perhaps one of these helps:

sudo apt-get install debsecan ; debsecan
https://security-tracker.debian.org/tracker/data/json

> 2. What is the number of DDs and DMs working as part of the Debian project?

Debian related graphs, statistics and diagrams are linked from here:

https://wiki.debian.org/Statistics
https://wiki.debian.org/Diagrams

These appear to be the membership, access and contribution metrics we
know about:

https://nm.debian.org/public/stats/
https://contributors.debian.org/

> 3. Is there a report or statistical figures showing the frequency of bugs,
> vulnerabilities identified vs patches and updates released?

These appear to be the security metrics we know about:

https://outflux.net/debian/hardening/
http://security-metrics.debian.net/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- NVD report on vulnerabilities
  - From: "adRnia ." <adrian.mymailspace@gmail.com>

Prev by Date: NVD report on vulnerabilities
Next by Date: On Debian not using its money (was: Q to all candidates: SWOT analysis)
Previous by thread: NVD report on vulnerabilities
Next by thread: On Debian not using its money (was: Q to all candidates: SWOT analysis)
Index(es):
- Date
- Thread