9th April 2013
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
 

Yeah, that was the point I was trying to make. Sure, you can say that Windows is "more secure" than Linux because in the past three months Microsoft has had fewer CVEs... but then you figure up the "severity score" average and note that M$ has an average severity of 7.8 compared to Linux's 4.8 (numbers being pulled from the air, no basis in reality).

What does it mean? It means you're comparing apples to oranges.

If I run OpenBSD on my entire multi-million dollar infrastructure, and there exists one zero-day in OpenBSD that hasn't been patched yet and is remotely exploitable in the default install, what does it matter if there are fewer CVEs? See what I did there? CVEs aren't the problem, they are only a partial symptom of the problem. Granted, the odds of that occurring are incredibly low compared to "mainstream" operating systems, but it doesn't mean it *couldn't* happen.
__________________
Linux/Network-Security Engineer by Profession. OpenBSD user by choice.

Last edited by rocket357; 9th April 2013 at 09:03 PM.