7 comments

[ 4.1 ms ] story [ 67.5 ms ] thread
To understand how well they're doing, one would need a 'percapita' measure of vulnerabilities per unit code produced, or some such?
This feels like a strange list. The top five are Debian, suSE, Oracle, IBM, and Microsoft. The next three are Canonical, Google, and RedHat. This feels more like a fact about how much software the organizations are shipping rather than anything about the organizations themselves. I also wonder whether they double count a bunch of vulnerabilities that are in both Debian and SuSE (and Canonical and Oracle and RedHat).
I'm surprised Debian and Ubuntu are not at the same level.

They ship more or less the same packages anyway.

Also, BS clickbait article. Should never have been posted on HN to begin with.

Saving you from the clickbaity title: Debian etc, Suse, Oracle, IBM, and Microsoft.

The bottom half is filled out with Canonical, Google, RedHat, Cisco and Adobe.

Which is a 'heatmap' of "everybody producing lots of software". Not much info in this article.
There's a dilbert where the idiot boss says "It's come to my attention that employees take 40% of sick days on Mondays and Fridays! This has got to stop!" or some such.

This article reminds me of that.

Does anybody know how many of the vulnerabilities are unique to each of the various Linux distros? I would assume that a large chunk would be the same CVEs.