
Re: I think we should respond to claim that Debian is the Most Vulnerable Operating System


On 3/11/20 6:34 PM, Cindy Sue Causey wrote:
> On 3/11/20, Paul Tagliamonte <paultag@ubuntu.com> wrote:
>> Two main points if we do respond -
>> 1) CVEs and other vuln databases are not a scoreboard. The most insecure
>> code will have zero CVEs since no one's identified issues with it.
> My brain's translating that to alternately say.... the more something
> is used, the more exposed it is, and that's when you'll *happily*
> FIND-N-FIX those vulnerabilities.
> Something that's not used or is not used very often? Who's around to
> find anything wrong with it.....?
>> 2) This includes all software available to apt. This means you have to
>> include all Windows apps in the Microsoft app store when considering CVE
>> totals.
> *waving literally from the Peanut Gallery (Georgia)*
> Cindy :)

Regarding a response, I think it would be a good idea if it covers how
vulnerabilities are reported, and then more towards Paul's earlier point
of where the vulnerabilities are found and does it include all of the
software officially or unofficially in the distribution/vendor package.

Another point to consider would be how quickly the vulnerability is
addressed and patched; Linux isn't just Tuesdays.

That article is nested a bit, have some source[1] :)



⣾⠁⢠⠒⠀⣿⡁ Donald Norwood
⢿⡄⠘⠷⠚⠋⠀ B7A1 5F45 5B28 7F38 4174
⠈⠳⣄⠀⠀⠀⠀ D5E9 E5EC 4AC9 BD62 7B05
