[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I think we should respond to claim that Debian is the Most Vulnerable Operating System

Two main points if we do respond -

1) CVEs and other vuln databases are not a scoreboard. The most insecure code will have zero CVEs since no one's identified issues with it.
2) This includes all software available to apt. This means you have to include all Windows apps in the Microsoft app store when considering CVE totals.




On Wed, Mar 11, 2020 at 3:50 PM Sam Hartman <hartmans@debian.org> wrote:

https://www.linux.com/news/debian-linux-was-the-most-vulnerable-operating-system-in-the-last-20-years/

Why respond?
This article is getting enough hits on search engines that it was the
top hit on my proprietary phone's home page.
So it's actually getting seen.

The article's premis seems to be flawed.
Of course we have a lot of vulnerabilities: we have a lot of packages.
And some of those packages have bugs.

--Sam



--
All programmers are playwrights, and all computers are lousy actors.

#define sizeof(x) rand()
:wq
Reply to: